httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <ylavic....@gmail.com>
Subject Re: SNI Host: header mismatch
Date Wed, 10 Jun 2015 15:30:26 GMT
On Wed, Jun 10, 2015 at 4:41 PM, Stefan Eissing
<stefan.eissing@greenbytes.de> wrote:
> Today I had the second user which got "400 Bad Request" when using mod_h2 with a wildcard
certificate. So, I was thinking how to possibly fix the code in mod_ssl.
>
> The mostly harmless approach is the addition of a configuration directive that admins
may use to explicitly allow multiple host requests on a SNI connection. Which would mean that
both the config of the SNI host and the config of the request host have "SSLSNIVHostMatch
off".
>
> The case where no Host header is provided or no SNI is used I propose to leave unaffected,
e.g. continue to fail.
>
> Any thoughts?

Maybe matching against the ServerName and ServerAlias(es) instead of
the Host header, so that the admin can still have a control on it...

Mime
View raw message