Re: svn commit: r1546693 - in /httpd/httpd/trunk: docs/log-message-tags/next-number modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_init.c

[Kaspar Brand <ht...@velox.ch>]

On 30.11.2013 12:54, Graham Leggett wrote:
> A question out of ignorance on my side. Will/can the above directive
> be able to influence / somehow affect the ENGINE_ctrl_cmd_string()
> openssl call needed when using dynamic engines in openssl (the
> "engine -pre" and "-post" options specifically)?

Steve is probably the best person to answer this, but in my view,
SSLOpenSSLConfCmd is meant to expose the SSL_CONF API, and should not be
used to mix in ENGINE API things, too.

SSLOpenSSLConfCmd is basically a per-SSL_CTX thing, i.e. per-vhost SSL
stuff. ENGINE(s) shouldn't have to be configured at the vhost level,
hopefully (cf. the current SSLCryptoDevice directive, which is server
config context only).

Kaspar

Re: svn commit: r1546693 - in /httpd/httpd/trunk: docs/log-message-tags/next-number modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_init.c

[Dr Stephen Henson <sh...@opensslfoundation.com>]

On 01/12/2013 11:16, Kaspar Brand wrote:
> On 30.11.2013 12:54, Graham Leggett wrote:
>> A question out of ignorance on my side. Will/can the above directive
>> be able to influence / somehow affect the ENGINE_ctrl_cmd_string()
>> openssl call needed when using dynamic engines in openssl (the
>> "engine -pre" and "-post" options specifically)?
> 
> Steve is probably the best person to answer this, but in my view,
> SSLOpenSSLConfCmd is meant to expose the SSL_CONF API, and should not be
> used to mix in ENGINE API things, too.
> 

Well at present there is no ENGINE interface for SSL_CONF. As pointed out it
isn't a good fit for general ENGINE configuration but it could be updated in
future to support ENGINE based private keys.

Steve.
-- 
Dr Stephen Henson. OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
+1 877-673-6775
shenson@opensslfoundation.com