www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aaron Bannert <aa...@clove.org>
Subject Re: other/9871: Server presents wrong certificate with NameVirtualHost
Date Tue, 19 Feb 2002 07:20:01 GMT
The following reply was made to PR other/9871; it has been noted by GNATS.

From: Aaron Bannert <aaron@clove.org>
To: george+apache@m5p.com
Cc: apbugs@Apache.Org, dev@httpd.apache.org
Subject: Re: other/9871: Server presents wrong certificate with NameVirtualHost
Date: Mon, 18 Feb 2002 23:15:41 -0800

 On Tue, Feb 19, 2002 at 06:31:35AM -0000, George Mitchell wrote:
 > With multiple virtual hosts sharing one IP address (named virtual hosts),
 > the SSL module always presents the certificate from the first NameVirtualHost
 > regardless of the Host: in the request from the client.  However, the data
 > which gets served comes from the proper VirtualHost DocumentRoot.
 
 Since the Host: header is part of the encrypted stream, it is not
 known to the server by the time the cert is required to establish an
 SSL connection.  For this reason it is not possible to do name-based
 virtual hosting w/ SSL.
 
 Perhaps we should make this an explicit failure condition in the
 mod_ssl code?
 
 -aaron

Mime
View raw message