httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 56508] Requiring SNI - SSLStrictSNIVHostCheck semantics
Date Wed, 09 Jul 2014 08:09:12 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=56508

--- Comment #4 from Kaspar Brand <asfbugz@velox.ch> ---
Sounds like we would end up with an overengineered solution... mod_rewrite can
already do much of this:

  RewriteCond %{SSL:SSL_TLS_SNI} =""
  RewriteRule ^ /no_sni_error_page.html

(and instead of a static page, you could also handle this with a script,
setting whatever HTTP status you prefer)

(In reply to Mark Nottingham from comment #0)
> it's the only way to assure that a client
> doesn't get content for one origin when they think it's for another.

Well, the client has to verify the certificate in the first place, so you can
configure some kind of dummy ("snakeoil") certificate for the first vhost.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message