On Tue, Feb 19, 2002 at 06:31:35AM -0000, George Mitchell wrote: > With multiple virtual hosts sharing one IP address (named virtual hosts), > the SSL module always presents the certificate from the first NameVirtualHost > regardless of the Host: in the request from the client. However, the data > which gets served comes from the proper VirtualHost DocumentRoot.
Since the Host: header is part of the encrypted stream, it is not known to the server by the time the cert is required to establish an SSL connection. For this reason it is not possible to do name-based virtual hosting w/ SSL. Perhaps we should make this an explicit failure condition in the mod_ssl code? -aaron
