httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 55866] When ProxyPreserveHost is on, SSL expects the wrong CN from the backend
Date Wed, 11 Dec 2013 21:04:14 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=55866

--- Comment #1 from Yann Ylavic <ylavic.dev@gmail.com> ---
If your backend does not use the same host name (and hence certificate CN) the
client is requesting on the frontend, you shouldn't use ProxyPreserveHost (or
expect SSLProxyCheckPeerCN to accept the peer certificate).

See http://www.mail-archive.com/dev@httpd.apache.org/msg56672.html for a
discussion about this.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message