httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Eissing <stefan.eiss...@greenbytes.de>
Subject SNI Host: header mismatch
Date Wed, 10 Jun 2015 14:41:39 GMT
Today I had the second user which got "400 Bad Request" when using mod_h2 with a wildcard certificate.
So, I was thinking how to possibly fix the code in mod_ssl.

The mostly harmless approach is the addition of a configuration directive that admins may
use to explicitly allow multiple host requests on a SNI connection. Which would mean that
both the config of the SNI host and the config of the request host have "SSLSNIVHostMatch
off".

The case where no Host header is provided or no SNI is used I propose to leave unaffected,
e.g. continue to fail.

Any thoughts?

//Stefan


<green/>bytes GmbH
Hafenweg 16, 48155 Münster, Germany
Phone: +49 251 2807760. Amtsgericht Münster: HRB5782




Mime
View raw message