httpd-dev mailing list archives

From Dean Gaudet <dgau...@arctic.org>
Subject Re: in progress: vhosts yet again
Date Sun, 05 Oct 1997 18:59:10 GMT


On Sun, 5 Oct 1997, Ben Laurie wrote:

> Mark J Cox wrote:
> > 
> > > Wildcard ports utterly suck.  But I'm guessing that you SSL weenies need
> > > me to not screw them up.  Given that port-vhosting hasn't ever worked
> > > correctly with name-vhosting I'm not at all concerned about making it
> > > work now.  So here's what I'm asserting:
> > 
> > Host: based virtual hosts don't work well with SSL anyway (the server
> > doesn't get the Host: header until after all the negotiation and
> > certificate stuff has been done by which time it's a bit late).  I've not
> > seen people do wildcard ports with SSL; Stronghold just sticks in a
> > Listen *:443 and then <VirtualHost *:443> section.
> 
> Ditto for Apache-SSL (ish).

Cool then I think I'm not going to support wildcard ports on namevhosts
because I'd really like my name_chain lists to have the same ipaddr:port
the whole way down the list.  I could support wildcard ports but require
all namevhosts on that ipaddr to also have wildcard ports.

What's the <VirtualHost *:443> supposed to do?  How about someone send me
a typical SSL config with vhosts so I don't mess it up. 

Do you have other information in the SSL exchange which gives you the same
info as a Host: header would?  I can make it really obvious where you'd
glue in that support. 

> > The only thing to watch is that if someone connects to https://somewhere/
> > my copy of Netscape sends "Host: somewhere" and not "Host: somewhere:443"
> 
> Which is correct, of course.

This is easy to handle if I use Roy's suggestion of trusting the network
port number and not the Host: port number. 

Dean
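
Added example, not part of the original message and not Apache code: a sketch of the approach discussed above, where the name chain is chosen by the address and port the connection actually arrived on, and any port in the Host: header is parsed but never used for selection. The table contents, the function names and the fall-back to the first entry of a chain are assumptions made for illustration.

```python
# Hypothetical name chains: every entry in a chain shares one ipaddr:port.
# Addresses and names are constructed sample values.
NAME_CHAINS = {
    ("192.0.2.10", 80): [("www.example.test", "site-http"),
                         ("intranet.example.test", "intranet-http")],
    ("192.0.2.10", 443): [("www.example.test", "site-ssl")],
}


def split_host_header(value):
    """Return (hostname, port_or_None) from a Host: header value."""
    value = value.strip().lower()
    if value.startswith("["):                      # IPv6 literal such as [::1]:443
        end = value.find("]")
        if end == -1:
            raise ValueError("unterminated IPv6 literal")
        host, rest = value[:end + 1], value[end + 1:]
    else:
        host, sep, port = value.partition(":")
        rest = sep + port
    if rest in ("", ":"):                          # no port given
        return host.rstrip("."), None
    if not rest.startswith(":") or not rest[1:].isdigit():
        raise ValueError("malformed port in Host header")
    return host.rstrip("."), int(rest[1:])


def select_vhost(local_ip, local_port, host_header):
    """Pick a vhost using the socket's port; the Host: port is ignored."""
    chain = NAME_CHAINS.get((local_ip, local_port))
    if chain is None:
        return None                                # nothing listens there
    default = chain[0][1]                          # assumed: first entry is the default
    if host_header is None:
        return default
    try:
        name, _claimed_port = split_host_header(host_header)
    except ValueError:
        return default
    for server_name, vhost in chain:
        if name == server_name:
            return vhost
    return default
```

With this lookup, "Host: somewhere" and "Host: somewhere:443" resolve identically on a port-443 connection, and a header that names a different port cannot move the request onto another port's chain.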

