@henningw I need your advice on one point: the OpenSSL memory allocation functions are set to ser_* (wrappers around shm*). This means when I allocate private keys in the worker process, they are actually overwriting the private keys from the other children. (The SSL_CTX arrays d->ctx[i] are the same for all workers).

One engine I tested, amazingly could use the private keys overwritten by another mod_chiild().

Further testing with other engines, shows this usually won't work. For such tls domains the engine might need per-worker SSL_CTX array in the domain structure.


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.