httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 49731] SSLVerifyClient and SSL virtual hosts don't work quite right
Date Tue, 10 Aug 2010 15:48:19 GMT

--- Comment #2 from Dave Longley <> 2010-08-10 11:48:16 EDT
(In reply to comment #1)
> Name based virtual host are not supported with SSL, especially not with this
> old version. Use the latest version and clients and an openssl version on
> server side which support SNI, and everything works as expected.

The problem seems to persist in version 2.2.16. I have two site configurations
where one uses 'SSLClientVerify optional_no_ca' and another uses
'SSLClientVerify none'. When using a TLS client (one that prints out the SNI
hostname that it is sending the server), I receive a CertificateRequest for
both sites. The content served does (correctly) depend on the hostname
provided, so the virtual host option is functioning correctly.

I will try to confirm this using two vanilla configurations and add them to
this bug (and reopen it if confirmed). Perhaps that will reveal it is only a
configuration issue. I assume Apache 2.2.16 is the latest version you're
referring to of 2.2? I can find tarballs for 2.3.6 but I didn't think that you
meant Apache 2.3.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message