Bug 60899 - provide utility function to return a servers SSL_CTX object
Summary: provide utility function to return a servers SSL_CTX object
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl (show other bugs)
Version: 2.5-HEAD
Hardware: PC All
: P2 enhancement (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Depends on:
Reported: 2017-03-22 01:11 UTC by squiggly101
Modified: 2020-08-04 10:34 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description squiggly101 2017-03-22 01:11:39 UTC
I am prototyping an Apache module that performs certain security compliance checks, one aspect of which requires access to the SSL_CTX that mod_ssl creates for an SSL enabled server.

Access to that object is currently through the SSLSrvConfigRec->server and modssl_ctx_t->ssl_ctx structures, which works well but I would like to avoid directly accessing these private structures if possible.

It would be nice if the public API of mod_ssl (perhaps exposed in ssl_util_ssl.h) defined a function such as:

/* please be a function not a macro! */
SSL_CTX *sslctx_from_server(server_rec *s)
        SSLSrvConfigRec *sc = mySrvConfig(s);                                     
        if (sc && sc->enabled > 0) {
            return sc->server->ssl_ctx; 
        return NULL;
Comment 1 Joe Orton 2020-08-04 10:34:32 UTC
You should be able to do this using the hook exposed by mod_ssl_openssl.h:

APR_DECLARE_EXTERNAL_HOOK(ssl, SSL, int, init_server,
                          (server_rec *s, apr_pool_t *p, int is_proxy, SSL_CTX *ctx))