Opened 10 years ago
Last modified 5 years ago
#397 new enhancement
Store SSL certificates in LDAP, get rid of reified vhosts
| Reported by: | andersk | Owned by: | andersk |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | web | Keywords: | |
| Cc: |
Description (last modified by adehnert)
This will need patches to Apache, mod_ssl, and mod_vhost_ldap.
From a quick look at my Git repo from four years ago, my plan was
- turn check_hostalias (server/vhost.c) into an generic ap_lookup_vhost API;
- use ap_lookup_vhost to replace ssl_find_vhost (modules/ssl/ssl_engine_kernel.c);
- add a lookup_vhost hook to ap_lookup_vhost that can be implemented by modules;
- implement the lookup_vhost hook in mod_vhost_ldap (replacing the current translate_name hook);
- teach mod_vhost_ldap an equivalent of the SSLCertificate{File,KeyFile?,ChainFile?} directives.
Hopefully most of this work will be upstreamable. I haven’t checked whether the plan needs changes for httpd 2.4 (if so, it’s not worth putting any effort into 2.2).
[ Partial dup of #52. ]
Change History (3)
comment:1 Changed 10 years ago by andersk
- Description modified (diff)
comment:2 Changed 9 years ago by geofft
- Owner set to andersk
comment:3 Changed 5 years ago by adehnert
- Description modified (diff)
Note: See
TracTickets for help on using
tickets.
Can you link to your git repo (if you still have it)? I might be able to pick this up