nnrpd multiple SSL certs

Jeffrey M. Vinocur jeff at litech.org
Fri Jan 4 23:11:30 UTC 2002

On Fri, 4 Jan 2002, Kim Alm wrote:

> Let's assume that the basic rule is that we present the default cert if
> nothing else matches.

Sure, fine.

> 2: nnrpd checks the readers.conf file, in the same succession as today,
>    looking for cert entries that match the host of the client.
>     - If it finds a cert entry that matches host, it would present that
>       cert.

Fine so far.

>     - Finds multiple matches, present the first one that matches.

This is the problem.  I think this is yucky.  I could be persuaded
otherwise if other people chime in, though.  Or does it seem yucky to
everybody else?

> This approach would probably require more modifications to the code than
> just adding a command line flag. But I believe that it's more useful.

Certainly I'd be happy to see something better than another flag.  And
adding parameters is not particularly hard.  It's been a good while since
I looked at the SSL code, but I'd assume this is feasible for the time
being.  We need to agree on semantics first, though.

Jeffrey M. Vinocur
jeff at litech.org
