From df2bbb74176a37b9731695c83bec421a9f0d0e4b Mon Sep 17 00:00:00 2001
From: Ruediger Pluem <rpluem@apache.org>
Date: Fri, 3 Jan 2014 20:07:54 +0000
Subject: [PATCH] * Update comment. No functional change.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1555240 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/ssl_engine_kernel.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 4c7daa4469..062e235a8a 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -175,10 +175,13 @@ int ssl_hook_ReadReq(request_rec *r)
              * with either no hostname or a different hostname as this could
              * cause us to end up in a different virtual host as the one that
              * was used for the handshake causing different SSL parameters to
-             * be applied.
-             * XXX: TODO check if this is really true and that there are
-             * SSL parameters that are not fixed by a renegotiation in
-             * ssl_hook_Access.
+             * be applied as SSLProtocol, SSLCACertificateFile/Path and
+             * SSLCADNRequestFile/Path cannot be renegotioated (SSLCA* due
+             * to current limitiations in Openssl, see
+             * http://mail-archives.apache.org/mod_mbox/httpd-dev/200806.mbox/%3C48592955.2090303@velox.ch%3E
+             * and
+             * http://mail-archives.apache.org/mod_mbox/httpd-dev/201312.mbox/%3CCAKQ1sVNpOrdiBm-UPw1hEdSN7YQXRRjeaT-MCWbW_7mN%3DuFiOw%40mail.gmail.com%3E
+             * )
              */
             if (!r->hostname) {
                 ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, APLOGNO(02031)
-- 
2.50.1