httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 55866] When ProxyPreserveHost is on, SSL expects the wrong CN from the backend
Date Tue, 24 Dec 2013 13:04:38 GMT

--- Comment #4 from Yann Ylavic <> ---
The proxy is requesting but gets a certificate from, how could it validate the peer's CN positively?
Isn't the man-in-the-middle?

When ProxyPreserveHost is on, the host part of the ProxyPass's URL is used only
to resolve the IP address (which could be used there instead, with no

Contrariwise, if one uses ProxyPreserveHost because the/some backend uses the
same Host as the requested one, should the check fail because (s)he sets an IP
address (or a private hostname) in the ProxyPass?

When ProxyPreserveHost is on, either a new directive has to be added to select
the expected peer's hostname (Host vs ProxyPass, bug 54656), or the current
behaviour be applied.

You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message