httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aaron Bannert <aa...@clove.org>
Subject Re: other/9871: Server presents wrong certificate with NameVirtualHost
Date Tue, 19 Feb 2002 07:15:41 GMT
On Tue, Feb 19, 2002 at 06:31:35AM -0000, George Mitchell wrote:
> With multiple virtual hosts sharing one IP address (named virtual hosts),
> the SSL module always presents the certificate from the first NameVirtualHost
> regardless of the Host: in the request from the client.  However, the data
> which gets served comes from the proper VirtualHost DocumentRoot.

Since the Host: header is part of the encrypted stream, it is not
known to the server by the time the cert is required to establish an
SSL connection.  For this reason it is not possible to do name-based
virtual hosting w/ SSL.

Perhaps we should make this an explicit failure condition in the
mod_ssl code?

-aaron

Mime
View raw message