httpd-dev mailing list archives

From Yann Ylavic <ylavic....@gmail.com>
Subject Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT requests
Date Fri, 21 Feb 2014 12:55:56 GMT
On Thu, Feb 20, 2014 at 7:18 PM, Yann Ylavic <ylavic.dev@gmail.com> wrote:
> On Thu, Feb 20, 2014 at 6:28 PM, Pavel Matěja <pavel@netsafe.cz> wrote:
>> Currently there are two possible scenarios with SSLCheckProxyPeerName On and
>> numeric Host/URI:
>> 1) you will try to open new connection which will fail the CN check and
>> client gets 502 Bad Gateway
>> 2) you will try to reuse already opened connection which will get you 400
>> Bad Request because SNI hostname won't match the numeric one.
>>
>
> For 2) the issue is not related to IP addresses, reusing a SNI-ed
> connection without checking the current hostname is a bug IMHO.

I proposed a fix (trunk) in PR 55782:
https://issues.apache.org/bugzilla/attachment.cgi?id=31342&action=diff
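
The reuse check discussed in point 2) above, as an added example that is not part of the original message and is not the patch attached to PR 55782: a pooled backend TLS connection is reused only when the name sent as SNI at handshake time matches the host of the current request. The `pooled_conn` struct and both function names are hypothetical, and the host is assumed to arrive without a port or IPv6 brackets.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Hypothetical record of a pooled backend TLS connection. */
struct pooled_conn {
    const char *addr;     /* backend address the socket is connected to */
    unsigned short port;
    const char *sni;      /* server_name sent in the handshake, NULL if none */
};

/* RFC 6066 does not permit IP literals in server_name, so a numeric
 * host means the handshake carries no SNI at all. */
static const char *sni_for_host(const char *host)
{
    unsigned char buf[sizeof(struct in6_addr)];

    if (host == NULL || *host == '\0')
        return NULL;
    if (inet_pton(AF_INET, host, buf) == 1 ||
        inet_pton(AF_INET6, host, buf) == 1)
        return NULL;
    return host;
}

/* Return 1 only if the pooled connection was negotiated for the same
 * name the current request would send; 0 means open a new connection. */
int can_reuse(const struct pooled_conn *c, const char *addr,
              unsigned short port, const char *request_host)
{
    const char *want = sni_for_host(request_host);

    if (strcmp(c->addr, addr) != 0 || c->port != port)
        return 0;                       /* different backend endpoint */
    if (c->sni == NULL || want == NULL)
        return c->sni == NULL && want == NULL;
    return strcasecmp(c->sni, want) == 0;  /* DNS names compare case-insensitively */
}
```
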
