httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaspar Brand <>
Subject SNI in 2.2.9? (Re: 2.2.9 status)
Date Tue, 03 Jun 2008 14:42:07 GMT
> There are just a handful of useful patches in STATUS lacking
> a single vote for inclusion in 2.2.9...

While not completely true for the SNI backport proposal (requires more
than a single additional vote), I'd nevertheless like to draw the
attention to that patch.

Looking at the current votes, I think that the -1 no longer applies,
actually (it was added in December '07, before the code was reworked

>       Backport version for 2.2.x of updated patch:
>       +1: fuankg
>       +0: like ssl upgrade of 2.2, perhaps this is a good reason to bring
>           httpd-2.4 to completion?  vhost changes could be disruptive to
>           third party module authors.
>       -1: rpluem: jorton found some problems with the trunk version and they
>                   should be fixed / discussed in trunk before we backport.

The last issue reported by Joe in April
can be addressed by the attached patch, if deemed appropriate [1]. All
other problems observed previously are already included in the backport

So, is there still hope for SNI being added in 2.2.9...? Let me know if
there's anything else I can do to increase the chances of getting this
proposal accepted.


[1] The problem is already present in the current 2.2.x branch (it's not
introduced by the SNI patch, in particular): when setting up more than
one SSL-enabled VirtualHost (e.g. by using a wildcard certificate, or a
cert with several subjectAltName entries), only the per-vhost
SSLVerifyClient/SSLVerifyDepth statements set for the *first* vhost are
ever considered.

View raw message