Received: (from majordom@localhost) by hyperreal.org (8.8.5/8.8.5) id LAA10120; Sun, 5 Oct 1997 11:58:49 -0700 (PDT)
Received: from twinlark.arctic.org (twinlark.arctic.org [204.62.130.91]) by hyperreal.org (8.8.5/8.8.5) with SMTP id LAA10110 for ; Sun, 5 Oct 1997 11:58:46 -0700 (PDT)
Received: (qmail 6459 invoked by uid 500); 5 Oct 1997 18:59:10 -0000
Date: Sun, 5 Oct 1997 11:59:10 -0700 (PDT)
From: Dean Gaudet
To: new-httpd@apache.org
Subject: Re: in progress: vhosts yet again
In-Reply-To: <3437799C.7DCC589@algroup.co.uk>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org
Status: O
X-Status:

On Sun, 5 Oct 1997, Ben Laurie wrote:

> Mark J Cox wrote:
> >
> > > Wildcard ports utterly suck. But I'm guessing that you SSL weenies need
> > > me to not screw them up. Given that port-vhosting hasn't ever worked
> > > correctly with name-vhosting I'm not at all concerned about making it
> > > work now. So here's what I'm asserting:
> >
> > Host: based virtual hosts don't work well with SSL anyway (the server
> > doesn't get the Host: header until after all the negotiation and
> > certificate stuff has been done by which time it's a bit late). I've not
> > seen people do wildcard ports with SSL; Stronghold just sticks in a
> > Listen *:443 and then section.
>
> Ditto for Apache-SSL (ish).

Cool then I think I'm not going to support wildcard ports on namevhosts
because I'd really like my name_chain lists to have the same ipaddr:port
the whole way down the list. I could support wildcard ports but require
all namevhosts on that ipaddr to also have wildcard ports.

What's the supposed to do? How about someone send me a typical SSL config
with vhosts so I don't mess it up. Do you have other information in the
SSL exchange which gives you the same info as a Host: header would? I can
make it really obvious where you'd glue in that support.

> > The only thing to watch is that if someone connects to https://somewhere/
> > my copy of Netscape sends "Host: somewhere" and not "Host: somewhere:443"
>
> Which is correct, of course.

This is easy to handle if I use Roy's suggestion of trusting the network
port number and not the Host: port number.

Dean
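
The approach named in the message's last paragraph, as an added sketch that is not code from Apache or from this thread: the name-vhost lookup takes the port from the accepted socket and uses only the host part of the client-supplied Host: header. The `name_vhost` table, `host_without_port()`, `match_vhost()`, the host names and the paths are hypothetical, and Host: values are assumed to be plain names with no IPv6 literals.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical name-vhost entry; constructed sample configuration. */
struct name_vhost { const char *name; unsigned port; const char *docroot; };

static const struct name_vhost vhosts[] = {
    { "www.example.com",   80,  "/www/plain"  },
    { "www.example.com",   443, "/www/secure" },
    { "other.example.com", 80,  "/www/other"  },
};

/* Copy the host part of a Host: value into out, dropping any ":port"
 * suffix and one trailing dot. Returns 0 on success, -1 if empty/too long. */
static int host_without_port(const char *hdr, char *out, size_t outlen)
{
    size_t n = strcspn(hdr, ":");          /* length up to the first ':' */
    if (n > 0 && hdr[n - 1] == '.')
        n--;                               /* "host." names the same host */
    if (n == 0 || n >= outlen)
        return -1;
    memcpy(out, hdr, n);
    out[n] = '\0';
    return 0;
}

/* local_port is the port the connection arrived on (what getsockname()
 * reports for the accepted socket), never the port the client wrote in
 * the Host: header. Returns the docroot, or NULL when nothing matches. */
const char *match_vhost(const char *host_hdr, unsigned local_port)
{
    char host[256];
    if (host_without_port(host_hdr, host, sizeof host) != 0)
        return NULL;
    for (size_t i = 0; i < sizeof vhosts / sizeof vhosts[0]; i++)
        if (vhosts[i].port == local_port &&
            strcasecmp(vhosts[i].name, host) == 0)
            return vhosts[i].docroot;
    return NULL;
}

int main(void)
{
    /* A client on the 443 socket sending "Host: www.example.com" (no port),
     * and one claiming port 80 in the header while connected to 443. */
    printf("%s\n", match_vhost("www.example.com", 443));
    printf("%s\n", match_vhost("www.example.com:80", 443));
    return 0;
}
```

Both calls in `main` resolve to the port-443 entry, so a port written into the header cannot move a request onto a different vhost chain.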