Created attachment 30879
Diff to github trunk's of Sep 24 2013 454409553

Hi,

OpenSSL 1.0.2 will have a new command, "SSL_CTX_use_serverinfo_file(filename)". This specifies a file of PEM blocks containing TLS ServerHello extension data. The extension data items will be returned if the client sends a corresponding ClientHello.

This allows support of Certificate Transparency (RFC 6962 SignedCertificateTimestampList) and TACK (draft-perrin-tls-tack-02 TackExtension). It also allows easy experimentation with stapling other revocation or authorization data into the TLS handshake (OCSP, DNSSEC, etc.).

We'd like to expose this file in Apache via a "SSLServerInfoFile" directive.
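A pre-deployment check for such a serverinfo file, as an added example that is not part of the original report or of the attached patch. It assumes the block layout given in OpenSSL's documentation for SSL_CTX_use_serverinfo_file (PEM label beginning "SERVERINFO FOR ", then a 2-byte extension type, a 2-byte length and the extension data); the function names and the sample block are constructed for illustration.

```python
import base64
import re
import struct

# 18 is the signed_certificate_timestamp extension type from RFC 6962.
KNOWN_TYPES = {18: "signed_certificate_timestamp"}

PEM_RE = re.compile(
    r"-----BEGIN (SERVERINFO FOR [^-\n]*)-----\s*(.*?)\s*-----END \1-----",
    re.DOTALL,
)

def make_block(label, ext_type, data, declared_len=None):
    """Build one PEM block (hypothetical helper, used for sample input)."""
    length = len(data) if declared_len is None else declared_len
    raw = struct.pack(">HH", ext_type, length) + data
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

def parse_serverinfo(text):
    """Return [(label, ext_type, ext_data)]; raise ValueError if malformed."""
    entries = []
    for label, body in PEM_RE.findall(text):
        # validate=True rejects stray non-base64 characters in the body
        raw = base64.b64decode("".join(body.split()), validate=True)
        if len(raw) < 4:
            raise ValueError(f"{label}: shorter than the 4-byte header")
        ext_type, length = struct.unpack(">HH", raw[:4])
        if length != len(raw) - 4:
            raise ValueError(
                f"{label}: header declares {length} bytes, "
                f"block carries {len(raw) - 4}"
            )
        entries.append((label, ext_type, raw[4:]))
    if not entries:
        raise ValueError("no SERVERINFO PEM blocks found")
    return entries

# Constructed sample: placeholder bytes, not a real SCT list.
SAMPLE = make_block("SERVERINFO FOR CT", 18, b"\x00\x04demo")

if __name__ == "__main__":
    for label, ext_type, data in parse_serverinfo(SAMPLE):
        name = KNOWN_TYPES.get(ext_type, "unknown")
        print(f"{label}: type {ext_type} ({name}), {len(data)} bytes")
```

The check covers only the outer framing; it does not validate the extension payload itself, such as the SCT list structure.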
Given that OpenSSL 1.0.2 will include support for the "Certificate" command via SSLOpenSSLConfCmd (https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=044f8ca87d0cb3c4c8eded86f793a47108614f1f), also allowing to set per-cert options (http://mail-archives.apache.org/mod_mbox/httpd-dev/201310.mbox/%3C526521D6.9060506%40opensslfoundation.com%3E), I'm resolving this as WONTFIX.
For Tomcat, see Bug 58548.
See also http://www.certificate-transparency.org/resources-for-site-owners/apache