httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Axel-Stéphane SMORGRAV <Axel-Stephane.SMORG...@europe.adp.com>
Subject RE: [users@httpd] SSL reverse proxy question
Date Mon, 25 Apr 2005 07:20:51 GMT
 Problem is that if you cannot read the request before the SSL handshake, it means that during
the SSL handshake Apache does not know which of the three certificates to present to the client
since it has not been able to read the Host header yet. Apache will attribute the request
to the first of the virtual hosts that matches the IP address and present the certificate
of that one to the client.

Therefore you cannot use SSL with Named Virtual Hosts.

-ascs

-----Message d'origine-----
De : Andrea Palmieri [mailto:palmieri@eng.it] 
Envoyé : vendredi 22 avril 2005 14:41
À : users@httpd.apache.org
Objet : Re: [users@httpd] SSL reverse proxy question

You are not mistaken....the three CA certificates would match the three servers name...where
is the problem ?
Do you have any other idea ?

Andrea



----- Original Message -----
From: "David Lang" <dlang@invendra.net>
To: <users@httpd.apache.org>
Sent: Friday, April 22, 2005 3:03 PM
Subject: Re: [users@httpd] SSL reverse proxy question


> I didn't think you could use name-based virtual hosts with SSL since the
> server cert needs to match the hostname requested and the server won't see
> the request until after the SSL session is established (at least with
> SSL2/3)
>
> am I mistaken?
>
> David Lang
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message