Subject: svn commit: r1296921 - in /httpd/httpd/branches/2.2.x/docs/manual/ssl: ssl_faq.html.en ssl_faq.xml
Date: Mon, 05 Mar 2012 01:18:04 -0000
To: cvs@httpd.apache.org
From: rbowen@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20120305011804.BEFB223889B8@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: rbowen Date: Mon Mar 5 01:18:03 2012 New Revision: 1296921 URL: http://svn.apache.org/viewvc?rev=1296921&view=rev Log: As per https://issues.apache.org/bugzilla/show_bug.cgi?id=51746, note that wildcard certs and subjectAltName are viable solutions. Modified: httpd/httpd/branches/2.2.x/docs/manual/ssl/ssl_faq.html.en httpd/httpd/branches/2.2.x/docs/manual/ssl/ssl_faq.xml Modified: httpd/httpd/branches/2.2.x/docs/manual/ssl/ssl_faq.html.en URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/ssl/ssl_faq.html.en?rev=1296921&r1=1296920&r2=1296921&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/ssl/ssl_faq.html.en (original) +++ httpd/httpd/branches/2.2.x/docs/manual/ssl/ssl_faq.html.en Mon Mar 5 01:18:03 2012 @@ -762,7 +762,13 @@ error when connecting to my newly instal Apache has to know the Host HTTP header field. To do this, the HTTP request header has to be read. This cannot be done before the SSL handshake is finished, but the information is needed in order to - complete the SSL handshake phase. Bingo!

+ complete the SSL handshake phase. See the next question for how to + circumvent this issue.

+ +

Note that if you have a wildcard SSL certificate, or a + certificate that has multple hostnames on it using subjectAltName + fields, you can use SSL on name-based virtual hosts without further + workarounds.

Why is it not possible to use Name-Based @@ -778,6 +784,11 @@ Virtual Hosting to identify different SS feature that only the most recent revisions of the SSL specification added, called Server Name Indication (SNI).

+

Note that if you have a wildcard SSL certificate, or a + certificate that has multple hostnames on it using subjectAltName + fields, you can use SSL on name-based virtual hosts without further + workarounds.

+

The reason is that the SSL protocol is a separate layer which encapsulates the HTTP protocol. So the SSL session is a separate transaction, that takes place before the HTTP session has begun. Modified: httpd/httpd/branches/2.2.x/docs/manual/ssl/ssl_faq.xml URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/ssl/ssl_faq.xml?rev=1296921&r1=1296920&r2=1296921&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/ssl/ssl_faq.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/ssl/ssl_faq.xml Mon Mar 5 01:18:03 2012 @@ -771,7 +771,13 @@ error when connecting to my newly instal Apache has to know the Host HTTP header field. To do this, the HTTP request header has to be read. This cannot be done before the SSL handshake is finished, but the information is needed in order to - complete the SSL handshake phase. Bingo!

+ complete the SSL handshake phase. See the next question for how to + circumvent this issue.

+ +

Note that if you have a wildcard SSL certificate, or a + certificate that has multple hostnames on it using subjectAltName + fields, you can use SSL on name-based virtual hosts without further + workarounds.

Why is it not possible to use Name-Based @@ -787,6 +793,11 @@ Virtual Hosting to identify different SS feature that only the most recent revisions of the SSL specification added, called Server Name Indication (SNI).</p> + <p>Note that if you have a wildcard SSL certificate, or a + certificate that has multple hostnames on it using subjectAltName + fields, you can use SSL on name-based virtual hosts without further + workarounds.</p> + <p>The reason is that the SSL protocol is a separate layer which encapsulates the HTTP protocol. So the SSL session is a separate transaction, that takes place before the HTTP session has begun.
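
Review bot: In the first hunk of each file (@@ -762,7 +762,13 in ssl_faq.html.en and @@ -771,7 +771,13 in ssl_faq.xml), the added "Note that if you have a wildcard SSL certificate..." paragraph is word-for-word the one the next hunk adds to the following answer, and the sentence just above it now says "See the next question for how to circumvent this issue." Keeping the note only in the next answer, where the pointer already sends the reader, would avoid two copies that have to be kept in sync. If the note stays here, "multple" should read "multiple".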
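
Review bot: In the second hunk of each file (@@ -778,6 +784,11 in ssl_faq.html.en and @@ -787,6 +793,11 in ssl_faq.xml), "without further workarounds" is stated without its condition. As the surrounding text explains, the server cannot read the Host header before the handshake completes, so the claim only holds when every name-based virtual host on that address and port is served with the same certificate and that certificate covers all of their names (by wildcard or subjectAltName). Suggest saying so explicitly, for example "...you can use SSL on name-based virtual hosts that all share that certificate". The paragraph is also inserted between the SNI sentence and "The reason is that the SSL protocol is a separate layer...", so "The reason" now appears to refer to the wildcard note; moving the note after the explanation would keep the flow. "multple" should read "multiple" in both files.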