After acquiesing to punting on the type issues, I got
SSLCertificateChainFile support working acceptably in domtool. Now, just to finish updating the documentation (I got the worst of it) and changing the portal to allow members to request permission to serve intermediate certificates.
In the long term, I’m currently learning toward adding a distinct
vhostSSL type that pushes
[SSL Vhost] onto the context stack. And a
secureAuthType type -> [^SSL & Location]. But that seems a bit … ugly, especially since the differenes would bubble up to other abstractions like
web. But I’m really lacking in clue here.
I think this means that I need to finally read Types and Programming Languages. I hear it’s easier to program when you can form a coherent mental model of what you are working on (effectively evaluating the program in your head), and I really lack that for Domtool (the language), relying instead of years of having used it…
So, life goes on with two options in Domtool being semi-evil and just skipping themselves when not used with SSL vhosts. Until I’ve absorbed the arcane knowledge needed to infer the correct solution.