httpd-dev mailing list archives

From Kaspar Brand <httpd-dev.2...@velox.ch>
Subject SNI in 2.2.9? (Re: 2.2.9 status)
Date Tue, 03 Jun 2008 14:42:07 GMT
> There are just a handful of useful patches in STATUS lacking
> a single vote for inclusion in 2.2.9...

While not completely true for the SNI backport proposal (requires more
than a single additional vote), I'd nevertheless like to draw the
attention to that patch.

Looking at the current votes, I think that the -1 no longer applies,
actually (it was added in December '07, before the code was reworked
considerably):

>       Backport version for 2.2.x of updated patch:
>          http://people.apache.org/~fuankg/diffs/httpd-2.2.x-sni.diff
>       +1: fuankg
>       +0: like ssl upgrade of 2.2, perhaps this is a good reason to bring
>           httpd-2.4 to completion?  vhost changes could be disruptive to
>           third party module authors.
>       -1: rpluem: jorton found some problems with the trunk version and they
>                   should be fixed / discussed in trunk before we backport.

The last issue reported by Joe in April
(http://mail-archives.apache.org/mod_mbox/httpd-dev/200804.mbox/%3c20080422155301.GA4164@redhat.com%3e)
can be addressed by the attached patch, if deemed appropriate [1]. All
other problems observed previously are already included in the backport
version.

So, is there still hope for SNI being added in 2.2.9...? Let me know if
there's anything else I can do to increase the chances of getting this
proposal accepted.

Thanks,
Kaspar

[1] The problem is already present in the current 2.2.x branch (it's not
introduced by the SNI patch, in particular): when setting up more than
one SSL-enabled VirtualHost (e.g. by using a wildcard certificate, or a
cert with several subjectAltName entries), only the per-vhost
SSLVerifyClient/SSLVerifyDepth statements set for the *first* vhost are
ever considered.
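
A configuration audit for the condition described in footnote [1], added here as an example; it is not part of the original message or of the httpd code base. It assumes a single flat configuration file (no Include handling), groups vhosts by the literal `<VirtualHost>` address string, takes "first" to mean first in file order, and compares only explicitly set values; the function names and the sample hosts are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample configuration (hypothetical hosts, not from the message).
SAMPLE_CONF = """
<VirtualHost 192.0.2.10:443>
    ServerName www.example.org
    SSLEngine on
    SSLVerifyClient none
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName admin.example.org
    SSLEngine on
    SSLVerifyClient require
    SSLVerifyDepth 2
</VirtualHost>
"""

WATCHED = ("sslverifyclient", "sslverifydepth")

def parse_vhosts(conf):
    """Yield one dict per <VirtualHost> block: its address and its directives."""
    current = None
    for line in (l.strip() for l in conf.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = {"addr": opened.group(1).strip(), "directives": {}}
        elif line.lower().startswith("</virtualhost") and current is not None:
            yield current
            current = None
        elif current is not None and line and not line.startswith("#"):
            key, *rest = line.split(None, 1)
            current["directives"][key.lower()] = " ".join(rest).lower()

def shadowed_verify_settings(conf):
    """List (ServerName, directive, own value, first vhost's value) mismatches."""
    groups = defaultdict(list)
    for vh in parse_vhosts(conf):
        if vh["directives"].get("sslengine") == "on":
            groups[vh["addr"]].append(vh["directives"])
    findings = []
    for vhosts in groups.values():
        first = vhosts[0]  # assumption: "first" vhost means first in file order
        for other in vhosts[1:]:
            for d in WATCHED:
                if other.get(d) != first.get(d):
                    findings.append((other.get("servername"), d, other.get(d), first.get(d)))
    return findings
```

Each finding names a vhost whose client-certificate settings differ from those of the first SSL vhost on the same address, which is the case the footnote says is not honoured.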

