httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mikhail T." <mi+t...@aldan.algebra.com>
Subject Re: Why aren't name-based vhosts not working properly under SSL?
Date Mon, 16 Apr 2012 15:51:35 GMT
On 16.04.2012 11:40, Tom Evans wrote:
> They can. Excerpt from my httpd.conf:
Your excerpt does not show different DocumentRoots -- nor any other settings... 
Could you show more contents? What is the Apache version you are using? In all 
my attempts, Apache a) issues a pointless warning about multiple SSL vhosts on 
the same IP/port; b) uses the settings (including DocumentRoot) from the first 
vhost encountered for all of them.

On 16.04.2012 11:39, Reindl Harald wrote:
> because SSL was misdesigned years ago and the Host-Header is also sent 
> encrypted, so the server can not know for with hostname the ssl-handshake is 
> and since he knows the Hostname AFTER handshake it is too late 
No, this does not answer my question. In my scenario the SSL-certificate is the 
same for all vhosts concerned. So Apache could use that certificate to establish 
the SSL connection, and then parse the Host:-header to determine, which group of 
other (non-SSL) settings to apply to the request. But Apache does not do that -- 
not in 2.2.22.

Is this an omission, that can and should be fixed, or am I missing something 
else? Thanks!

    -mi




Mime
View raw message