httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 34607] - Support for Server Name Indication
Date Wed, 07 Mar 2007 10:27:34 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=34607>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=34607





------- Additional Comments From asfbugz@velox.ch  2007-03-07 02:27 -------
Created an attachment (id=19676)
 --> (http://issues.apache.org/bugzilla/attachment.cgi?id=19676&action=view)
Patch for SNI support in Apache 2.2 or later

For the sake of completeness, I'm attaching the modified version of Peter's
patch, which I have been using on the test site mentioned above since April
2006.

Here is a short overview of my modifications:

1) in set_ssl_vhost(), I've added checks for the ServerAlias directive, so that
certificates with multiple dNSName entries in the subjectAltName extension can
be used, too (these checks are reusing code from matches_aliases() in vhost.c);


2) #ifdef'd the warning "You should not use name-based virtual hosts in
conjunction with SSL!!" - i.e. suppress this message if SNI support is compiled
in;

3) in ssl_hook_Access(), limited the change of the SSL_CTX to the case where
tlsext_hostname isn't set yet (in all other cases, leave it at the default
VirtualHost - we no longer have to return HTTP_FORBIDDEN);

4) in ssl_hook_Fixup(), inserted an additional environment variable (TLS_SNI)
which can be used later on to determine if (and what) SNI extension the client
sent (e.g. in CGI scripts, or when using CustomLog);

5) adapted indentation (spaces instead of tabs).

The diff is against 2.2.x, but applies cleanly against (and seems to work ok
with) trunk, too.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message