modssl_load_engine_keypair() for server


Hello

I noticed this commit recently to mod_ssl by Joe Orton (notroj):

mod_ssl: Add support for loading TLS certificates through the PKCS#11
https://github.com/apache/httpd/commit/9007b62ecc0ad59edb37ec5f267a08868064699c

I am interested in something similar, but for servers (virtualhosts) instead of Engines (i.e. modssl_load_server_keypair).

Basically my use case is I want to construct (or obtain) an SSL_CTX from another server for an authorization module - partly to avoid having to deal directly with loading encrypted certificates myself. Allowing Apache to "do its thing" in that regard, and then pinching the loaded keypair/SSL_CTX from another server_rec saves a lot of hassle, and quite frankly makes it possible.

So basically I would like to start a discussion of whether a similar function modssl_load_server_keypair() or modssl_load_server_sslctx() is possible.

Cheers,