httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <rpl...@apache.org>
Subject Re: svn commit: r627699 - /httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
Date Thu, 14 Feb 2008 21:31:05 GMT


On 02/14/2008 09:46 PM, Dirk-Willem van Gulik wrote:
> 
> On Feb 14, 2008, at 9:34 PM, Ruediger Pluem wrote:

> 
>> server on this IP/port pair. IMHO SNI in SSL should be handled the 
>> same way as usual
>> name based virtual hosts in the HTTP case. This may mean that we need 
>> to add another
>> server_rec field to the conn_rec struct that contains s and that 
>> mod_ssl needs to
>> work with this field instead of base_server. But to be honest I 
>> haven't analysed
>> this further.
> 
> My test suggest that it does the right thing - but I understand your 
> concern -- and have not tried your senario in a wider case. Though my 
> guess this still behaves correct ? Unfortunately I won't be able to dive 
> into this in the next few days. Feel free back this change out if you 
> think it break things - or hack on it :) It is not super critical.

Agreed. From a first checking I see the following difference in behaviour
between SNI / HTTP name based virtual hosts (NBVH):


ap_log_cerror:
           SNI: Logs to error_log of vhost with correct SNI name as soon as
                we adjusted base_server.
          NBVH: Logs to error log of the first vhost


Timeout:
           SNI: Timeout for request reading after a keepalive is set to
                the value of the vhost that handled the request before.
          NBVH: Timeout for request reading after a keepalive is set to
                the value of the first vhost.

mod_dbd (ap_dbd_cacquire):
           SNI: Takes its config from vhost with correct SNI name as soon as
                we adjusted base_server.
          NBVH: Takes its config from the first vhost.


Regards

RĂ¼diger




Mime
View raw message