nnrpd multiple SSL certs

Jeffrey M. Vinocur jeff at litech.org
Fri Jan 4 23:11:30 UTC 2002


On Fri, 4 Jan 2002, Kim Alm wrote:

> Let's assume that the basic rule is that we present the default cert if
> nothing else matches.

Sure, fine.


> 2: nnrpd checks the readers.conf file, in the same succesion as today,
>    looking for cert entries that matches the host of the client.
>     - If it finds a cert entry that matches host, it would present that
>       cert.

Fine so far.

>     - Finds multiple matches, present the first one that matches.

This is the problem.  I think this is yucky.  I could be persuaded
otherwise if other people chime in, though.  Or does it seem yucky to
everybody else?


> This approach would probably require more modifications to the code than
> just adding a command line flag. But I believe that it's more usefull.

Certainly I'd be happy to see something better than another flag.  And
adding parameters is not particularly hard.  It's been a good while since
I looked at the SSL code, but I'd assume this is feasible for the time
being.  We need to agree on semantics first, though.


-- 
Jeffrey M. Vinocur
jeff at litech.org



More information about the inn-workers mailing list