httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 49731] SSLVerifyClient and SSL virtual hosts don't work quite right
Date Tue, 10 Aug 2010 15:48:19 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=49731

--- Comment #2 from Dave Longley <dlongley@digitalbazaar.com> 2010-08-10 11:48:16 EDT
---
(In reply to comment #1)
> Name based virtual host are not supported with SSL, especially not with this
> old version. Use the latest version and clients and an openssl version on
> server side which support SNI, and everything works as expected.

The problem seems to persist in version 2.2.16. I have two site configurations
where one uses 'SSLClientVerify optional_no_ca' and another uses
'SSLClientVerify none'. When using a TLS client (one that prints out the SNI
hostname that it is sending the server), I receive a CertificateRequest for
both sites. The content served does (correctly) depend on the hostname
provided, so the virtual host option is functioning correctly.

I will try to confirm this using two vanilla configurations and add them to
this bug (and reopen it if confirmed). Perhaps that will reveal it is only a
configuration issue. I assume Apache 2.2.16 is the latest version you're
referring to of 2.2? I can find tarballs for 2.3.6 but I didn't think that you
meant Apache 2.3.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message