httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: Additional comments on the Host: header.... (fwd)
Date Tue, 19 Mar 1996 03:51:47 GMT
	I'm wondering if anyone knows anything about the following
	I really like the proposed standard which would eliminate the
requirement to use tons of IP#s like hell to do the virtualhosts. For
some reason I hadn't thought about that non-Host: method, the full-URL
method. I like that..
	anyway, getting to my point: Netscape Navigator 2.0 now
requires that the hostname in the SSL certificate match the hostname
in the URL. The SSL certificate to use, of course, is determined
*before* the GET request gets sent. Verisign doesn't create
certificates of the form:
www.(customer1|customer2|customer3|customer4).com, although netscape
supports that format.
	This requirement actually is a plus for Apache-SSL over
Netscape, because apparently Netscape's SSL_accept() is bundled with
the socket-level accept(), meaning that the application doesn't have a
chance to choose certificates based on the local socket address. (Of
course, Netscape lacks support for virtual hosts in general anyway.)

	So is Verisign either going to get in line and sign certs
which say www.(multiplecompanies).com, or is SSL not going to be
happy with HTTP/1.1 ?
	various things to ponder...

Sameer Parekh					Voice:   510-601-9777x3
Community ConneXion, Inc.			FAX:     510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376 (or login as "guest")

View raw message