From: bugzilla@apache.org
To: bugs@httpd.apache.org
Subject: [Bug 55866] When ProxyPreserveHost is on, SSL expects the wrong CN from the backend
Date: Wed, 11 Dec 2013 21:04:14 +0000
X-Bugzilla-Product: Apache httpd-2
X-Bugzilla-Component: mod_proxy_http
X-Bugzilla-Version: 2.4.4
X-Bugzilla-Severity: normal
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P2

https://issues.apache.org/bugzilla/show_bug.cgi?id=55866

--- Comment #1 from Yann Ylavic ---
If your backend does not use the same host name (and hence certificate CN) the
client is requesting on the frontend, you shouldn't use ProxyPreserveHost (or
expect SSLProxyCheckPeerCN to accept the peer certificate).

See http://www.mail-archive.com/dev@httpd.apache.org/msg56672.html for a
discussion about this.
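
The situation the comment above describes, as an added configuration example that is not part of the original message or of the httpd project's own material. Host names, certificate paths and the CA file are placeholders. The failing combination is left commented out beside a variant that keeps SSLProxyCheckPeerCN on and drops ProxyPreserveHost.

```apache
# Constructed example. Assumed names (not from the bug report):
#   frontend name requested by clients : www.example.com
#   backend host and certificate CN    : app.internal.example

# Combination reported in this bug: the client's Host header
# (www.example.com) is forwarded to the backend, and the peer CN check
# does not accept the backend certificate issued for app.internal.example.
#
# <VirtualHost *:443>
#     ServerName www.example.com
#     SSLEngine on
#     SSLCertificateFile    /path/to/frontend.crt
#     SSLCertificateKeyFile /path/to/frontend.key
#
#     SSLProxyEngine on
#     SSLProxyCACertificateFile /path/to/backend-ca.pem
#     SSLProxyCheckPeerCN on
#     ProxyPreserveHost On
#     ProxyPass        / https://app.internal.example/
#     ProxyPassReverse / https://app.internal.example/
# </VirtualHost>

# Variant following the comment's advice: the backend has its own host
# name, so ProxyPreserveHost is not used and the backend certificate is
# still verified against a trusted CA and checked for the expected CN.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /path/to/frontend.crt
    SSLCertificateKeyFile /path/to/frontend.key

    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCACertificateFile /path/to/backend-ca.pem
    SSLProxyCheckPeerCN on
    ProxyPreserveHost Off
    ProxyPass        / https://app.internal.example/
    ProxyPassReverse / https://app.internal.example/
</VirtualHost>
```

If the backend must receive the frontend host name, the other consistent setup is a backend certificate issued for that same name, so that ProxyPreserveHost and the CN check agree.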