nnrpd multiple SSL certs
Jeffrey M. Vinocur
jeff at litech.org
Fri Jan 4 23:11:30 UTC 2002
On Fri, 4 Jan 2002, Kim Alm wrote:
> Let's assume that the basic rule is that we present the default cert if
> nothing else matches.
Sure, fine.
> 2: nnrpd checks the readers.conf file, in the same succesion as today,
> looking for cert entries that matches the host of the client.
> - If it finds a cert entry that matches host, it would present that
> cert.
Fine so far.
> - Finds multiple matches, present the first one that matches.
This is the problem. I think this is yucky. I could be persuaded
otherwise if other people chime in, though. Or does it seem yucky to
everybody else?
> This approach would probably require more modifications to the code than
> just adding a command line flag. But I believe that it's more usefull.
Certainly I'd be happy to see something better than another flag. And
adding parameters is not particularly hard. It's been a good while since
I looked at the SSL code, but I'd assume this is feasible for the time
being. We need to agree on semantics first, though.
--
Jeffrey M. Vinocur
jeff at litech.org
More information about the inn-workers
mailing list