Opened 5 years ago

Closed 5 years ago

#14 closed defect (fixed)

Allow for configuration of parameters globally

Reported by: https://id.mayfirst.org/dkg Owned by: https://id.mayfirst.org/dkg
Priority: major Component: code
Version: 5.10 Keywords: config
Cc:

Description

imported from mantis, benbe wrote:

It'd be nice if you could configure some parts like Cipher Priority, Certificate Chain File (yeah, that one makes sense), maybe even default Certificate (if you've got a wildcard which can be used as fallback), GnuTLS-based Auth Params, ... in the global Apache Configuration and get those values as a default if they aren't present in the actual VHost configuration.
Additional Information Take this sample configuration:

GnuTLSCertChain /etc/ssl/all_my_certs_chain.pem
GnuTLSCipherPriority NONE:!MD5:!ANON-DH:!SSLv3:!SECURE128:+CIPHER-ALL:+TLS-ALL:...

NameVirtualHost 1.1.1.1:80
<VirtualHost 1.1.1.1:80>
ServerName foo.com
GnuTLS on
GnuTLSKeyFile /etc/ssl/mycert1.key
GnuTLSCertFile /etc/ssl/mycert1.pem
</VirtualHost>
<VirtualHost 1.1.1.1:80>
ServerName bar.com
GnuTLS on
GnuTLSKeyFile /etc/ssl/mycert2.key
GnuTLSCertFile /etc/ssl/mycert2.pem
</VirtualHost>

Both VHosts should now be using the set priority string and send /etc/ssl/all_my_certs_chain.pem as their key chain (plus their actual certificate as the leaf).

Change History (1)

comment:1 Changed 5 years ago by https://id.mayfirst.org/dkg

  • Resolution set to fixed
  • Status changed from new to closed

this is fixed in trunk.

Note: See TracTickets for help on using tickets.