DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=34607>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=34607 ------- Additional Comments From [EMAIL PROTECTED] 2007-03-07 02:27 ------- Created an attachment (id=19676) --> (http://issues.apache.org/bugzilla/attachment.cgi?id=19676&action=view) Patch for SNI support in Apache 2.2 or later For the sake of completeness, I'm attaching the modified version of Peter's patch, which I have been using on the test site mentioned above since April 2006. Here is a short overview of my modifications: 1) in set_ssl_vhost(), I've added checks for the ServerAlias directive, so that certificates with multiple dNSName entries in the subjectAltName extension can be used, too (these checks are reusing code from matches_aliases() in vhost.c); 2) #ifdef'd the warning "You should not use name-based virtual hosts in conjunction with SSL!!" - i.e. suppress this message if SNI support is compiled in; 3) in ssl_hook_Access(), limited the change of the SSL_CTX to the case where tlsext_hostname isn't set yet (in all other cases, leave it at the default VirtualHost - we no longer have to return HTTP_FORBIDDEN); 4) in ssl_hook_Fixup(), inserted an additional environment variable (TLS_SNI) which can be used later on to determine if (and what) SNI extension the client sent (e.g. in CGI scripts, or when using CustomLog); 5) adapted indentation (spaces instead of tabs). The diff is against 2.2.x, but applies cleanly against (and seems to work ok with) trunk, too. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
