httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Plüm, Rüdiger, Vodafone Group <ruediger.pl...@vodafone.com>
Subject AW: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests
Date Fri, 28 Feb 2014 09:05:47 GMT


> -----Ursprüngliche Nachricht-----
> Von: William A. Rowe Jr. [mailto:wmrowe@gmail.com]
> Gesendet: Freitag, 28. Februar 2014 01:21
> An: dev@httpd.apache.org
> Betreff: Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT
> requests
> 
> On Wed, Feb 26, 2014 at 2:45 PM, Ruediger Pluem <rpluem@apache.org>
> claimed:
> 
> > Even if they use IP/Port based virtual hosting the SNI name and
> supplied host header should be consistent.
> 
> For all incoming forward proxy requests your statement is complete
> nonsense.

Correct. But I wasn't talking about forward proxy requests here.
Forward proxy requests are IMHO done by  http://svn.apache.org/r1553204.
I don't get why you insist on talking about forward proxies when everybody else
is talking about different stuff.
OTOH if one talks about forward proxies and ask you something about that
(like about the patch above) you do not reply.

> 
> The Host: header consistently appears to reflect the hostname of the
> URI of the proxy
> request (as distinguish from httpd internal proxy requests)..
> 
> Given that *.example.com is a perfectly valid host cert CN, as is
> foo.example.com
> while bar.example.com is the altname of the certificate, accessing
> bar.example.com
> MUST NOT break when upgrading from 2.2.25 to 2.2.27.

What does break here? Can you give an example of a configuration and a request
that breaks? And please don't get back to a forward proxy example. This
is a separate topic that is acknowledged to be broken and http://svn.apache.org/r1553204
is IMHO the fix.

Regards

Rüdiger


Mime
View raw message