httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 55326] SSLProxyCheckPeerName not working in conjunction with mod_rewrite
Date Thu, 01 Aug 2013 05:59:51 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=55326

Kaspar Brand <asfbugz@velox.ch> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Hardware|Other                       |All
                 OS|Linux                       |All

--- Comment #1 from Kaspar Brand <asfbugz@velox.ch> ---
(In reply to falco from comment #0)
> If you additionally add the old directive, it works just fine:
> 
>    SSLProxyEngine on
>    SSLProxyCheckPeerName off
>    SSLProxyCheckPeerCN off
>    RewriteRule /status/(.*) https://$1/server-status [P]
> 
> But I do not think that this is intentional if SSLProxyCheckPeerName
> supersedes SSLProxyCheckPeerCN.

It is intentional, see
http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslproxycheckpeercn:

"In 2.4.5 and later, SSLProxyCheckPeerCN has been superseded by
SSLProxyCheckPeerName, and its setting is only taken into account when
SSLProxyCheckPeerName off is specified at the same time."

SSLProxyCheckPeerName supersedes SSLProxyCheckPeerCN as far as the default
settings are concerned. Turning off hostname checking for proxied https content
mostly indicates a misunderstanding of the primary purpose of SSL
(authentication), so I think it wouldn't be a good idea if
"SSLProxyCheckPeerName off" would silently disable SSLProxyCheckPeerCN at the
same time.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message