httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jay L. T. Cornwall" <...@esuna.co.uk>
Subject Re: Redundant SSL virtual host warnings?
Date Sun, 08 Apr 2007 21:22:59 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ruediger Pluem wrote:

> This is not a good idea. Even though the client does not complain about
> a wrong certificate in the case of a wildcard certificate there are
> still pitfalls on the server side. All virtual host specific SSL
> configuration parameters are taken from the first virtual host and not
> from the target virtual host. See
> 
> http://issues.apache.org/bugzilla/show_bug.cgi?id=41537#c3

Ah, fair point. That's a fairly good argument for leaving the warnings
in, then.

(It's also a good argument for greater separation of security options
from virtual host contexts, but I wouldn't ask that much work of anyone!)

- --
Jay L. T. Cornwall, http://www.esuna.co.uk/~jay/
PhD Student
Imperial College London
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGGV0zoHnC75cy2zgRAuiLAJ9RgU3p1L82+VOUkRX3BVX3MNi6LQCeNMBR
ZOApFvqQ6nOuzTemQOcf3i0=
=9CW7
-----END PGP SIGNATURE-----

Mime
View raw message