httpd-bugs mailing list archives

From bugzi...@apache.org
Subject [Bug 56353] New: SNI not working correctly when certificate is defined in global scope
Date Sun, 06 Apr 2014 11:44:06 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=56353

            Bug ID: 56353
           Summary: SNI not working correctly when certificate is defined
                    in global scope
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@httpd.apache.org
          Reporter: hanno@hboeck.de

I found a regression bug in the way certificates get loaded in Apache
2.4.9. The same issue does not appear in 2.4.7 and is therefore a regression.

When one defines a certificate in the global scope (outside any VirtualHost),
all hosts deliver that certificate.

Example config:

SSLCertificateFile /etc/apache2/certs/test1.crt
SSLCertificateKeyFile /etc/apache2/certs/test1.key
<VirtualHost *:443>
        ServerName test1.local
        DocumentRoot /var/www/test1/
        SSLEngine On
</VirtualHost>
<VirtualHost *:443>
        ServerName test2.local
        DocumentRoot /var/www/test2/
        SSLEngine On
        SSLCertificateFile /etc/apache2/certs/test2.crt
        SSLCertificateKeyFile /etc/apache2/certs/test2.key
</VirtualHost>

What should happen: The first vhost (test1.local) should deliver test1.crt and
the second host (test2.local) should deliver test2.crt.
However, what happens is that both hosts deliver test1.crt.

It gets even weirder when one adds certificate chains. They still get delivered
by vhosts. So if I e.g. add a certificate chain to test2.local in this example,
I'll get test1.crt with the chain defined in test2.local.

-- 
You are receiving this mail because:
You are the assignee for the bug.
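
Added example (not part of the original report and not httpd code): a Python check that derives from the reported config which certificate each SSL-enabled vhost should serve, then flags names whose observed certificate differs. The function names and the OBSERVED mapping are assumptions made for illustration; only per-vhost SSLEngine and one SSLCertificateFile per scope are handled.

```python
# Config from the report, embedded as sample input.
SAMPLE_CONFIG = """\
SSLCertificateFile /etc/apache2/certs/test1.crt
SSLCertificateKeyFile /etc/apache2/certs/test1.key
<VirtualHost *:443>
        ServerName test1.local
        DocumentRoot /var/www/test1/
        SSLEngine On
</VirtualHost>
<VirtualHost *:443>
        ServerName test2.local
        DocumentRoot /var/www/test2/
        SSLEngine On
        SSLCertificateFile /etc/apache2/certs/test2.crt
        SSLCertificateKeyFile /etc/apache2/certs/test2.key
</VirtualHost>
"""
# Constructed from the report's description: both names served test1.crt.
OBSERVED = {"test1.local": "/etc/apache2/certs/test1.crt",
            "test2.local": "/etc/apache2/certs/test1.crt"}

def expected_certs(config):
    """Map each SSL-enabled ServerName to the certificate it should serve:
    its own SSLCertificateFile if set, otherwise the global-scope one."""
    global_cert, vhosts, cur = None, [], None
    for raw in config.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, val = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "<virtualhost":
            cur = {"name": None, "cert": None, "ssl": False}
        elif key == "</virtualhost>":
            if cur:
                vhosts.append(cur)
            cur = None
        elif key == "sslcertificatefile":
            if cur is None:
                global_cert = val
            else:
                cur["cert"] = val
        elif cur is not None and key == "servername":
            cur["name"] = val
        elif cur is not None and key == "sslengine":
            cur["ssl"] = val.lower() == "on"
    # Resolve after the full parse so a global directive below the vhosts counts.
    return {v["name"]: v["cert"] or global_cert
            for v in vhosts if v["ssl"] and v["name"]}

def mismatches(expected, observed):
    """Names whose served certificate differs from the configured one."""
    return sorted(n for n, c in expected.items() if observed.get(n) != c)
```

In practice the observed values would be collected per name with `openssl s_client -connect <host>:443 -servername <name>` and compared by certificate fingerprint rather than by file path.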
