httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <>
Subject Fwd: [users@httpd] ssl certifikate mismatch
Date Sun, 16 May 2010 19:14:46 GMT
User has a non-NVH on ( insists SNI is
choosing the SSL configuration from a different VH that (
comes earlier and b) has a matching servername.

Deck-checking the impl, it sure looks like it's supposed to start w/
the output of normal ip-based vhosting and only traverse the NVH'es
hung off that matched vh.

Anyone more familiar with this that can comment to the design or implementation?

---------- Forwarded message ----------
From: Reinhard Vicinus <>
Date: Sun, May 16, 2010 at 2:46 PM
Subject: Re: [users@httpd] ssl certifikate mismatch

> What's the full apachectl -S look like on that config?

VirtualHost configuration:      is a NameVirtualHost
        default server (/etc/apache2/sites-enabled/test:19)
        port 9903 namevhost (/etc/apache2/sites-enabled/test:19) (/etc/apache2/sites-enabled/test:2) (/etc/apache2/sites-enabled/test:10)
Syntax OK

> What was the local host:port the connection was on?
> What SNI hostname was sent?

I think that was sent, but i'm not sure if any SNI
hostname was sent. I called it like this: openssl s_client -connect
> What certificate was selected?  Which certificate do you expect to be
> selected, and why?

The certificate was selected. I would expect that would be selected because the configuration uses ip based
virtual hosting and in the apache documentation it's clearly stated
that only the exact IP address and port pair is used for selecting
virtual hosts by ip based virtual hosting.

Also this configuration worked with older apache versions.

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
 "   from the digest:
For additional commands, e-mail:

Eric Covener

View raw message