Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 81481 invoked from network); 14 Feb 2008 21:31:25 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 14 Feb 2008 21:31:25 -0000 Received: (qmail 44181 invoked by uid 500); 14 Feb 2008 21:31:12 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 44131 invoked by uid 500); 14 Feb 2008 21:31:12 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 44119 invoked by uid 99); 14 Feb 2008 21:31:12 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 14 Feb 2008 13:31:12 -0800 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received: from [140.211.11.9] (HELO minotaur.apache.org) (140.211.11.9) by apache.org (qpsmtpd/0.29) with SMTP; Thu, 14 Feb 2008 21:30:35 +0000 Received: (qmail 81264 invoked by uid 2161); 14 Feb 2008 21:30:54 -0000 Received: from [192.168.2.4] (euler.heimnetz.de [192.168.2.4]) by cerberus.heimnetz.de (Postfix on SuSE Linux 7.0 (i386)) with ESMTP id C8EE41721C for ; Thu, 14 Feb 2008 22:30:45 +0100 (CET) Message-ID: <47B4B319.7040304@apache.org> Date: Thu, 14 Feb 2008 22:31:05 +0100 From: Ruediger Pluem User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080201 SeaMonkey/1.1.8 MIME-Version: 1.0 To: dev@httpd.apache.org Subject: Re: svn commit: r627699 - /httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c References: <20080214102411.CAD641A9832@eris.apache.org> <47B4A5E0.6020409@apache.org> <533FAD88-3827-4F63-B822-1F529DE69E2D@webweaving.org> In-Reply-To: <533FAD88-3827-4F63-B822-1F529DE69E2D@webweaving.org> X-Enigmail-Version: 0.95.6 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org On 02/14/2008 09:46 PM, Dirk-Willem van Gulik wrote: > > On Feb 14, 2008, at 9:34 PM, Ruediger Pluem wrote: > >> server on this IP/port pair. IMHO SNI in SSL should be handled the >> same way as usual >> name based virtual hosts in the HTTP case. This may mean that we need >> to add another >> server_rec field to the conn_rec struct that contains s and that >> mod_ssl needs to >> work with this field instead of base_server. But to be honest I >> haven't analysed >> this further. > > My test suggest that it does the right thing - but I understand your > concern -- and have not tried your senario in a wider case. Though my > guess this still behaves correct ? Unfortunately I won't be able to dive > into this in the next few days. Feel free back this change out if you > think it break things - or hack on it :) It is not super critical. Agreed. From a first checking I see the following difference in behaviour between SNI / HTTP name based virtual hosts (NBVH): ap_log_cerror: SNI: Logs to error_log of vhost with correct SNI name as soon as we adjusted base_server. NBVH: Logs to error log of the first vhost Timeout: SNI: Timeout for request reading after a keepalive is set to the value of the vhost that handled the request before. NBVH: Timeout for request reading after a keepalive is set to the value of the first vhost. mod_dbd (ap_dbd_cacquire): SNI: Takes its config from vhost with correct SNI name as soon as we adjusted base_server. NBVH: Takes its config from the first vhost. Regards RĂ¼diger