servername extension and apache 2.2.0

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

servername extension and apache 2.2.0

Peter Sylvester-3
Hello,

I just have put together the small patch for apache 2.2.0 which allows
to use the sernername extension
logic in the development snapshot in order to select a different ssl
context, and also to
renegotiate if the vhost indicated by Host: has a different SSL_ctx
(e.g. certificate).

The patch also includes a little "const" fix due the SSL_method change.

See  http://www.edelweb.fr/EdelKey/files/apache-2.2.0+0.9.9+servername.patch
and http://www.edelweb.fr/EdelKey/  for the background story

Have fun
Peter

smime.p7s (6K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: servername extension and apache 2.2.0

Oden Eriksson
måndagen den 6 februari 2006 18.13 skrev Peter Sylvester:

> Hello,
>
> I just have put together the small patch for apache 2.2.0 which allows
> to use the sernername extension
> logic in the development snapshot in order to select a different ssl
> context, and also to
> renegotiate if the vhost indicated by Host: has a different SSL_ctx
> (e.g. certificate).
>
> The patch also includes a little "const" fix due the SSL_method change.
>
> See
> http://www.edelweb.fr/EdelKey/files/apache-2.2.0+0.9.9+servername.patch and
> http://www.edelweb.fr/EdelKey/  for the background story

It hasn't been accepted upstream?

--
Regards // Oden Eriksson
Mandriva: http://www.mandriva.com
NUX: http://li.nux.se
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: servername extension and apache 2.2.0

Peter Sylvester-3

The version of this patch is not one hour old.

The development snapshot is related to openssl
which is also only there since a few weeks.

The patch was done to validate that the openssl servername extension code
can be easily used in an application.

Both development teams may have opinions about the API.

Oden Eriksson wrote:

> måndagen den 6 februari 2006 18.13 skrev Peter Sylvester:
>  
>> Hello,
>>
>> I just have put together the small patch for apache 2.2.0 which allows
>> to use the sernername extension
>> logic in the development snapshot in order to select a different ssl
>> context, and also to
>> renegotiate if the vhost indicated by Host: has a different SSL_ctx
>> (e.g. certificate).
>>
>> The patch also includes a little "const" fix due the SSL_method change.
>>
>> See
>> http://www.edelweb.fr/EdelKey/files/apache-2.2.0+0.9.9+servername.patch and
>> http://www.edelweb.fr/EdelKey/  for the background story
>>    
>
> It hasn't been accepted upstream?
>
>  

--
To verify the signature, see http://edelpki.edelweb.fr/ 
Cela vous permet de charger le certificat de l'autorité;
die Liste mit zurückgerufenen Zertifikaten finden Sie da auch.


smime.p7s (6K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: servername extension and apache 2.2.0

Oden Eriksson
måndagen den 6 februari 2006 19.36 skrev Peter Sylvester:
> The version of this patch is not one hour old.
>
> The development snapshot is related to openssl
> which is also only there since a few weeks.
>
> The patch was done to validate that the openssl servername extension code
> can be easily used in an application.
>
> Both development teams may have opinions about the API.

Oh, I must have misunderstood it. I thought it was a older patch/code.

> Oden Eriksson wrote:
> > måndagen den 6 februari 2006 18.13 skrev Peter Sylvester:
> >> Hello,
> >>
> >> I just have put together the small patch for apache 2.2.0 which allows
> >> to use the sernername extension
> >> logic in the development snapshot in order to select a different ssl
> >> context, and also to
> >> renegotiate if the vhost indicated by Host: has a different SSL_ctx
> >> (e.g. certificate).
> >>
> >> The patch also includes a little "const" fix due the SSL_method change.
> >>
> >> See
> >> http://www.edelweb.fr/EdelKey/files/apache-2.2.0+0.9.9+servername.patch
> >> and http://www.edelweb.fr/EdelKey/  for the background story
> >
> > It hasn't been accepted upstream?

--
Regards // Oden Eriksson
Mandriva: http://www.mandriva.com
NUX: http://li.nux.se
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: servername extension and apache 2.2.0

wrowe
In reply to this post by Peter Sylvester-3
If you want to submit and have considered by the httpd project, perhaps you
ment to submit it there?

Nice work b.t.w.

Bill


Peter Sylvester wrote:

> Hello,
>
> I just have put together the small patch for apache 2.2.0 which allows
> to use the sernername extension
> logic in the development snapshot in order to select a different ssl
> context, and also to
> renegotiate if the vhost indicated by Host: has a different SSL_ctx
> (e.g. certificate).
>
> The patch also includes a little "const" fix due the SSL_method change.
>
> See  
> http://www.edelweb.fr/EdelKey/files/apache-2.2.0+0.9.9+servername.patch
> and http://www.edelweb.fr/EdelKey/  for the background story
>
> Have fun
> Peter
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: servername extension and apache 2.2.0

Peter Sylvester-3
William A. Rowe, Jr. wrote:
> If you want to submit and have considered by the httpd project,
> perhaps you
> ment to submit it there?
Not yet. Since the corresponding openssl code is still in the
development branch,
and not in a stable one.

The apache2 patch was done to see whether the api is good,
or, an attempt to motivate the openssl developpers to regard whether  the
openssl API is something that needs to be changed or not, whether it is
missing
some functionality or else whenever they have time. :-)
>
> Nice work b.t.w.
Thanks.

smime.p7s (6K) Download Attachment