httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] Problem with NameVirtualHost and VirtualHost
Date Wed, 21 Nov 2007 15:59:33 GMT
> -----Original Message-----
> From: Gregor Schneider [mailto:rc46fi@googlemail.com] 
> Sent: Wednesday, November 21, 2007 11:32 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Problem with NameVirtualHost and 
> VirtualHost
> 
> hi krist,
> 
> 
> >
> > Are you sure? This looks like Apache behaving against its
> > specification in a big way.
> >
> I am sure since it's working as expected.
> 
> Afaik this issue has been discussed before, I just couldn't find it.
> 
> Against what specs should Apache behave? Any URL quoting those specs?
> 
> As I'm understanding it, Apache parses the URL of the request (after
> SSL-handshake ┬┤mumbling about a wrong cert) and then routes to the
> correct ServerAlias - I can't see what should be wrong in this
> behaviour.

That's about right... You didn't (mercifully :-) show us your complete config, but I'm guessing
you just used ServerAlias directives instead of ServerName. As far as VH resolution is concerned,
they are equivalent. You might get problems with redirect and self-referential URLs, however.

It is true that if you don't care about browser warnings, or that the session is encrypted
using the cert from the first VH only, then name-based VHing under SSL will *seem* to work.
It's fine for a test environment but this is no solution for the real world (would you type
your credit card number into a website that seemed to be called nice-shop.com but your browser
was complaining that the certificate was registered to evil-crook.com?)

It is worth emphasising that this "problem" is nothing specific to do with apache; it's a
fundamental feature of HTTP/HTTPS.
 
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 
> 
> Again, if you have any sources stating different, please let me know.
> 
> Cheers
> 
> Gregor
> 
> 
> > Krist
> >
> >
> >
> >
> > --
> > krist.vanbesien@gmail.com
> > krist@vanbesien.org
> > Bremgarten b. Bern, Switzerland
> > --
> > A: It reverses the normal flow of conversation.
> > Q: What's wrong with top-posting?
> > A: Top-posting.
> > Q: What's the biggest scourge on plain text email discussions?
> >
> >
> > 
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP 
> Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
> 
> 
> 
> -- 
> what's puzzlin' you, is the nature of my game
> gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
> gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
 
 
This message is for the named person's use only. It may contain confidential, proprietary
or legally privileged information. No confidentiality or privilege is waived or lost by any
mistransmission. If you receive this message in error, please notify the sender urgently and
then immediately delete the message and any copies of it from your system. Please also immediately
destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail communications through their
networks. Any views expressed in this message are those of the individual sender, except where
the message states otherwise and the sender is authorised to state them to be the views of
the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message