jimmy wrote:
Hi, I am trying to write an HTTP server which supports virtual servers & SSL sessions. If I were to support the TLS 1.0 server name extension (which says different virtual servers could send different certificates), then would I be able to use the same SSL_CTX across the different virtual servers, or do I need to have a different SSL_CTX for each virtual server?
You may take a look at the patch that I made for "server name apache 2.2" and the current snapshots of openssl which support the servername extension, near the end in http://www.edelweb.fr/EdelKey. Apache uses a different SSL_CTX for each server, since you can specify all kinds of different parameters. The current code in openssl also assumes that a server is represented by an SSL_CTX. What the apache server name callback does is to switch the SSL_CTX pointer of the SSL object to the other SSL_CTX. It is possible just to change the certificate in the SSL since it has been cached, but there you start interfering with some of the slightly obscure openssl internals.
Is the struct cert_st /* CERT */ *cert; field the one which stores the certificate of the server in SSL_CTX? AFAICS this stores only 6 certificates (one for each key type). So wouldn't that restrict me to having one certificate (of each key type) for my server?

Thanks in advance,
jimmy
--
To verify the signature, see http://edelpki.edelweb.fr/ This lets you load the authority's certificate; you will also find the list of revoked certificates there.
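The "one SSL_CTX per virtual server, switched in the server name callback" approach described in the reply, as an added example that is not code from the thread or from the Apache patch. It uses Python's stdlib ssl module (whose SSLContext wraps an OpenSSL SSL_CTX and whose sni_callback switch is the same SSL_set_SSL_CTX operation); the class and function names are my own, the certificate paths are placeholders, and the strict-mode alert for unknown names is an assumption about the desired policy, not something the thread specifies.

```python
import ssl
from typing import Dict, Optional


class VhostSelector:
    """Maps TLS SNI host names to pre-built per-vhost SSLContext objects.

    Each virtual host keeps its own SSLContext (one OpenSSL SSL_CTX) with its
    own certificate, key and settings. At ClientHello time the callback swaps
    the context on the connection instead of touching the cached certificate
    inside the SSL object.
    """

    def __init__(self, default: ssl.SSLContext, strict: bool = False):
        self.default = default      # used when no SNI is sent (or in non-strict mode)
        self.strict = strict        # True: reject unknown names with an alert
        self.vhosts: Dict[str, ssl.SSLContext] = {}

    def add(self, hostname: str, ctx: ssl.SSLContext) -> None:
        # Host names are case-insensitive; normalise once at registration time.
        self.vhosts[hostname.lower().rstrip(".")] = ctx

    def select(self, servername: Optional[str]) -> Optional[ssl.SSLContext]:
        """Return the context to serve with, or None if the name must be rejected."""
        if servername is None:      # client sent no server_name extension
            return self.default
        ctx = self.vhosts.get(servername.lower().rstrip("."))
        if ctx is not None:
            return ctx
        return None if self.strict else self.default

    def sni_callback(self, sslobj, servername, _ctx):
        """Callable with the signature SSLContext.sni_callback expects."""
        chosen = self.select(servername)
        if chosen is None:
            # Non-None return aborts the handshake with this TLS alert.
            return ssl.ALERT_DESCRIPTION_UNRECOGNIZED_NAME
        if chosen is not sslobj.context:
            sslobj.context = chosen  # switches the underlying SSL_CTX
        return None


def build_vhost_context(certfile: str, keyfile: str) -> ssl.SSLContext:
    """One SSLContext per vhost, each loaded with that vhost's own chain and key."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile, keyfile)   # placeholder paths supplied by caller
    return ctx


def install(selector: VhostSelector) -> ssl.SSLContext:
    """Register the callback on the default context that accept()s connections."""
    selector.default.sni_callback = selector.sni_callback
    return selector.default
```

Wrap the listening socket with the context returned by install(); each vhost context built with build_vhost_context() is then chosen per connection from the SNI name.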