httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "pavel.stratil-jun@fenix.cz" <pavel.stratil-...@fenix.cz>
Subject Re: [users@httpd] mod_vhost_alias + ssl
Date Sat, 07 Mar 2009 22:49:34 GMT
Eric Covener wrote:
> On Sat, Mar 7, 2009 at 5:03 PM, pavel.stratil-jun@fenix.cz
> <pavel.stratil-jun@fenix.cz>  wrote:
>    
>> Hi,
>>
>> With SNI it is now possible to use more certificates with one ip address.
>> Unfortunately there's no mod_vhost_alias support (and I'm not aware of a
>> workaround). So, assuming I use "VirtualDocumentRoot
>> /var/www/vhosts/%-2.1/%-2.0.%-1.0/htdocs/%-3+/"  to map
>>
>> example.com -->    /var/www/vhosts/e/example.com/htdocs/_
>> anything.example.com -->    /var/www/vhosts/e/example.com/htdocs/anything
>>
>> I'd need
>>
>> VirtualSSLCertificateFile /var/www/vhosts/%-2.1/%-2.0.%-1.0/ssl.crt
>> VirtualSSLCertificateKeyFile /var/www/vhosts/%-2.1/%-2.0.%-1.0/ssl.key
>>
>> or some workaround. Anybody got any ideas? Devs, would this be possible to
>> implement? Similarly, is there a solution to avoid multiple entries like
>>
>> <Directory /var/www/vhosts/e/example.com>
>> php_admin_value open_basedir /tmp:/var/www/vhosts/e/example.com
>> </Directory>
>>
>> in a mod_vhost_alias-like way?
>>      
>
> Seems like a dead if you're trying to use different certificates on
> the same IP:port combination. There's no SNI support in a released
> version of Apache, so the certificate is presented before anything can
> see a hostname (Host: header is available after, and nobodies reading
> the TLS extension containing the servername)
>
>    
well the patch is out there a long time ... distros package it with 
apache so, while it may not be currently a part of apache's official 
release yet,
i don't think its a wise thing to wait for the official sni apache and 
then wait even more for a sni patch to mod_vhost_alias.
refference: http://people.apache.org/~fuankg/diffs/httpd-2.2.x-sni.diff

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message