httpd-dev mailing list archives

From Yann Ylavic <ylavic....@gmail.com>
Subject Re: SNI Host: header mismatch
Date Wed, 10 Jun 2015 15:48:53 GMT
On Wed, Jun 10, 2015 at 5:30 PM, Yann Ylavic <ylavic.dev@gmail.com> wrote:
> On Wed, Jun 10, 2015 at 4:41 PM, Stefan Eissing
> <stefan.eissing@greenbytes.de> wrote:
>> Today I had the second user which got "400 Bad Request" when using
>> mod_h2 with a wildcard certificate. So, I was thinking how to possibly
>> fix the code in mod_ssl.
>>
>> The mostly harmless approach is the addition of a configuration
>> directive that admins may use to explicitly allow multiple host requests
>> on a SNI connection. Which would mean that both the config of the SNI
>> host and the config of the request host have "SSLSNIVHostMatch off".
>>
>> The case where no Host header is provided or no SNI is used I propose
>> to leave unaffected, e.g. continue to fail.
>>
>> Any thoughts?
>
> Maybe matching against the ServerName and ServerAlias(es) instead of
> the Host header, so that the admin can still have a control on it...

E.g. by using ap_matches_request_vhost(r, SNI, 0).
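
Added example, not part of the original message and not httpd code: a simplified model of the check suggested above, where the SNI name is compared with the ServerName and ServerAlias entries of the vhost that the Host header selected. `struct vhost`, `name_match`, `vhost_matches_name`, `check_sni` and the sample hosts are hypothetical; the real `ap_matches_request_vhost()` works on httpd's own `request_rec` and server records.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for one vhost's ServerName / ServerAlias settings. */
struct vhost {
    const char *server_name;
    const char *aliases[4];          /* NULL-terminated; '*' and '?' allowed */
};

/* Case-insensitive match of s against pat, where pat may hold '*' and '?'. */
static int name_match(const char *pat, const char *s)
{
    if (*pat == '*')
        return name_match(pat + 1, s) || (*s && name_match(pat, s + 1));
    if (!*pat || !*s)
        return !*pat && !*s;
    if (*pat != '?' && tolower((unsigned char)*pat) != tolower((unsigned char)*s))
        return 0;
    return name_match(pat + 1, s + 1);
}

/* 1 if name matches the vhost's ServerName or one of its ServerAlias entries. */
int vhost_matches_name(const struct vhost *vh, const char *name)
{
    if (name_match(vh->server_name, name)) return 1;
    for (size_t i = 0; i < 4 && vh->aliases[i]; i++)
        if (name_match(vh->aliases[i], name)) return 1;
    return 0;
}

/* req_vh: vhost selected by the Host header. Returns 0 (accept) or 400. */
int check_sni(const struct vhost *req_vh, const char *sni, const char *host)
{
    if (!sni || !*sni || !host || !*host) return 400;  /* unchanged: still fails */
    return vhost_matches_name(req_vh, sni) ? 0 : 400;
}

/* Constructed sample configuration. */
static const struct vhost VH_WWW  = { "www.example.com", { "*.example.com", NULL } };
static const struct vhost VH_SHOP = { "shop.example.org", { NULL } };

int main(void)
{
    printf("%d\n", check_sni(&VH_WWW, "api.example.com", "www.example.com"));
    printf("%d\n", check_sni(&VH_SHOP, "api.example.com", "shop.example.org"));
    return 0;
}
```

In this model the admin widens or narrows what a connection may reach by editing the aliases: the first request is accepted because the vhost lists `*.example.com`, the second is rejected because `shop.example.org` does not name the SNI host.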
