Re: other/9871: Server presents wrong certificate with NameVirtualHost

2002-02-19 Thread Graham Leggett

Aaron Bannert wrote:

> Since the Host: header is part of the encrypted stream, it is not
> known to the server by the time the cert is required to establish an
> SSL connection.  For this reason it is not possible to do name-based
> virtual hosting w/ SSL.
>
> Perhaps we should make this an explicit failure condition in the
> mod_ssl code?

Name virtual hosting with SSL does work if you have a wildcard
certificate - as long as that cert is valid for all the different
possible name virtual hosts for the reason you describe above.

For this reason I would say leave it as it is.

Regards,
Graham
-- 
[EMAIL PROTECTED]  There's a moon over Bourbon Street tonight...




Re: other/9871: Server presents wrong certificate with NameVirtualHost

2002-02-19 Thread Aaron Bannert

On Tue, Feb 19, 2002 at 01:54:19PM +0200, Graham Leggett wrote:
> Name virtual hosting with SSL does work if you have a wildcard
> certificate - as long as that cert is valid for all the different
> possible name virtual hosts for the reason you describe above.
>
> For this reason I would say leave it as it is.

Can we detect if a wildcard cert applies to a vhost? If not, perhaps
this feature is not explicit enough in the docs?

-aaron
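
The check asked about above (does the one certificate presented on a shared IP:port cover every name-based vhost behind it?) comes down to name matching. The following is an added example, not mod_ssl code and not from any poster in this thread; the function names are hypothetical, the names are passed in as plain strings rather than read from an X.509 certificate, and only the whole-label `*.domain` wildcard form is handled.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Return 1 if one certificate name (exact, or "*.domain") covers host.
 * The wildcard stands for exactly one leftmost label (RFC 2818, sec. 3.1):
 * "*.a.com" matches "foo.a.com" but not "bar.foo.a.com" and not "a.com". */
static int cert_name_covers_host(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) != 0)
        return strcasecmp(pattern, host) == 0;   /* DNS names: case-insensitive */

    const char *dot = strchr(host, '.');
    if (dot == NULL || dot == host)              /* no label for '*' to match */
        return 0;
    return strcasecmp(pattern + 1, dot) == 0;    /* compare ".domain" suffixes */
}

/* cert_names: names in the certificate of the first vhost on an IP:port.
 * vhosts: ServerName of every name-based vhost on that IP:port.
 * Returns the index of the first vhost the cert does not cover, or -1. */
static int first_uncovered_vhost(const char *const *cert_names, size_t n_names,
                                 const char *const *vhosts, size_t n_vhosts)
{
    for (size_t v = 0; v < n_vhosts; v++) {
        int covered = 0;
        for (size_t c = 0; c < n_names && !covered; c++)
            covered = cert_name_covers_host(cert_names[c], vhosts[v]);
        if (!covered)
            return (int)v;
    }
    return -1;
}

/* Constructed sample data, not taken from the bug report. */
static const char *const sample_cert[] = { "*.example.org" };
static const char *const sample_vhosts[] = {
    "www.example.org", "Mail.Example.ORG", "shop.example.net"
};

int main(void)
{
    int bad = first_uncovered_vhost(sample_cert, 1, sample_vhosts, 3);
    if (bad >= 0)
        fprintf(stderr, "vhost %s is not covered by the presented cert\n",
                sample_vhosts[bad]);
    return bad >= 0;   /* non-zero exit: clients of that vhost get a name mismatch */
}
```
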



Re: other/9871: Server presents wrong certificate with NameVirtualHost

2002-02-18 Thread Aaron Bannert

On Tue, Feb 19, 2002 at 06:31:35AM -, George Mitchell wrote:
> With multiple virtual hosts sharing one IP address (named virtual hosts),
> the SSL module always presents the certificate from the first NameVirtualHost
> regardless of the Host: in the request from the client.  However, the data
> which gets served comes from the proper VirtualHost DocumentRoot.

Since the Host: header is part of the encrypted stream, it is not
known to the server by the time the cert is required to establish an
SSL connection.  For this reason it is not possible to do name-based
virtual hosting w/ SSL.

Perhaps we should make this an explicit failure condition in the
mod_ssl code?

-aaron