httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 56353] New: SNI not working correctly when certificate is defined in global scope
Date Sun, 06 Apr 2014 11:44:06 GMT

            Bug ID: 56353
           Summary: SNI not working correctly when certificate is defined
                    in global scope
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl

I found a regression but in the behaviour certificates get loaded in apache
2.4.9. The same issue does not appear in 2.4.7 and is therefore a regression.

When one defines a certificate in the global scope (outside any VirtualHost),
all hosts deliver that certificate.

Example config:

SSLCertificateFile /etc/apache2/certs/test1.crt
SSLCertificateKeyFile /etc/apache2/certs/test1.key
<VirtualHost *:443>
        ServerName test1.local
        DocumentRoot /var/www/test1/
        SSLEngine On
<VirtualHost *:443>
        ServerName test2.local
        DocumentRoot /var/www/test2/
        SSLEngine On
        SSLCertificateFile /etc/apache2/certs/test2.crt
        SSLCertificateKeyFile /etc/apache2/certs/test2.key

What should happen: The first vhost (test1.local) should deliver test1.crt and
the second host (test2.local) should deliver test2.crt.
However, what happens is that both hosts deliver test1.crt.

It gets even weirder when one adds certificate chains. They still get delivered
by vhosts. So if I e.g. add a certificate chain to test2.local in this example,
I'll get test1.crt with the chain defined in test2.local.

You are receiving this mail because:
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message