httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 48507] New: name based(?) vhosts has not worked properly or good with 1 ip address and ssl
Date Thu, 07 Jan 2010 19:35:14 GMT

           Summary: name based(?) vhosts has not worked properly or good
                    with 1 ip address and ssl
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl

if to make several virtual hosts all on same port and same ip address and every
has its one domain name, like and (or can be also,
more useful case: and ) and every of
this virtual hosts is configured to have its own different document root and
all different directory, alias, location etc configurations in it, including
that log files are different, but all this virtual hosts use one certificate
file, because they cannot use different certificate files in regular apache
which is without "SNI". this has not worked. apache httpd 2.2.12 in ubuntu 9.10
how this has not worked: apache has started but with some warning and and but
has not served all of this vhosts properly. may be i will check it again. it
has served only one of this vhosts properly, may be because it was first in
vhosts' order, may be because its domain was equal to what is in the
what has not worked properly: apache has applied document root of one of this
vhosts to other vhosts , and may be also applied all other configurations in
that vhost to other vhosts. so only one vhost has worked properly.
somebody can say here: name virtual hosts cannot work with 1 ip address, 1 port
and ssl. no, they can. if same site is opened from all this addresses and in
document root of the site an index.php , it is possible to send different
content to the requests different by http host, it is possible to distinguish
them from $_SERVER['HTTP_HOST'] variable of php. and also client side i.e.
browser, firefox 3.5.x in my case, opens all this domains without extra error
messages, just when user accepts certificate he sees in it domain name that
does not match the domain name in address bar. i think, as/because this way
works default ssl configuration, though they do not match, he can accept that
certificate if he knows that this domains are of same owner or one of them is
subdomain of other.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message