httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Falco Schwarz <hid...@falco.me>
Subject RE: ssl_die() and pool cleanup
Date Sat, 23 Nov 2013 13:29:23 GMT
----------------------------------------
> Date: Sat, 23 Nov 2013 08:18:14 -0500
> Subject: Re: ssl_die() and pool cleanup
> From: covener@gmail.com
> To: dev@httpd.apache.org
>
>> So, if the sanity check is skipped for the _default_ host, or there is a better way
to set the ServerName of the _default_ host, which I don't know yet, then this wouldn't be
affected.
>
> I don't think any behavior should be based on _default_ vs. *.
>
> Your scenario probably works the same with the first VH as "*" simply
> because it's the first listed NVH.

You are right, there should be no difference between _default_ vs. *.

Yet, this does not change the fact, that you have to explicitly set a ServerName for the first
VH, different to the CN in the certificate. Otherwise all requests would be served by the
first VH, instead of the other ones.

If mod_ssl would decline VH's with a nonmatching ServerName, then a configuration with a <VirtualHost
:80 :443> would be impossible without a wildcard certificate, at least to my knowledge.
		 	   		  

Mime
View raw message