Opened 11 years ago

Last modified 5 years ago

#397 new enhancement

Store SSL certificates in LDAP, get rid of reified vhosts

Reported by: andersk Owned by: andersk
Priority: minor Milestone:
Component: web Keywords:
Cc:

Description (last modified by adehnert)

This will need patches to Apache, mod_ssl, and mod_vhost_ldap.

From a quick look at my Git repo from four years ago, my plan was

  • turn check_hostalias (server/vhost.c) into an generic ap_lookup_vhost API;
  • use ap_lookup_vhost to replace ssl_find_vhost (modules/ssl/ssl_engine_kernel.c);
  • add a lookup_vhost hook to ap_lookup_vhost that can be implemented by modules;
  • implement the lookup_vhost hook in mod_vhost_ldap (replacing the current translate_name hook);
  • teach mod_vhost_ldap an equivalent of the SSLCertificate{File,KeyFile?,ChainFile?} directives.

Hopefully most of this work will be upstreamable. I haven’t checked whether the plan needs changes for httpd 2.4 (if so, it’s not worth putting any effort into 2.2).

[ Partial dup of #52. ]

Change History (3)

comment:1 Changed 11 years ago by andersk

  • Description modified (diff)

comment:2 Changed 10 years ago by geofft

  • Owner set to andersk

Can you link to your git repo (if you still have it)? I might be able to pick this up

comment:3 Changed 5 years ago by adehnert

  • Description modified (diff)
Note: See TracTickets for help on using tickets.