https://bz.apache.org/bugzilla/show_bug.cgi?id=65848
--- Comment #1 from Remy Maucherat <r...@apache.org> --- When the possibility exists, the regular configuration should be used otherwise there will always be problems. The doc there https://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslopensslconfcmd also says it is going to be a mess since there is config duplication. Looking at https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html, it is possible to identify some commands that would accurately indicate that CA is being configured, including ChainCAFile, ChainCAPath, VerifyCAFile, VerifyCAPath, RequestCAFile. In that case the reject callback would not be set. But having to do and maintain that special handling is annoying, and calls for more special cases. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
