http://issues.apache.org/bugzilla/show_bug.cgi?id=42929

Summary: Apache display wrong port and wrong protocol when using HTTPS VirtualHosts
Product: Apache httpd-2
Version: 2.2.3
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]

Summary:
With a certain configuration of virtual hosts with SSL Engine enabled, Apache believes the client is connecting to server port 80 with protocol HTTP, while in reality the client is connected to server port 443 with protocol HTTPS.

Steps to reproduce:
1. Install Apache with mod_ssl and mod_info.
2. Create an SSL certificate. If you do it properly, create one with two hostnames (using the altSubjectName x509 parameter); however, if you don't mind clicking "yeah, I trust it, even though the hostname does not match" a couple of times, you can just use any self-signed certificate.
2. Configure httpd.conf as displayed in the attachment, httpd.error.conf: two name-based virtual hosts, listening on port 443. The first with SSL parameters, the second without SSL parameters.
3. For debugging, add SetHandler server-info.
4. Visit the URL with the servername in the second virtual host. E.g. http://www2.example.org/server-info if you use the names in httpd.error.conf
5. Read what it says underneath "Server Settings" > "Hostname/port"

Expected result:
I expected it to read "www2.example.org:443"
Or I expected a critical error during start time of Apache because the configuration file is arguably inconsistent (see below)

Actual result:
It reads "www2.example.org:80"

Notes:
* With this configuration, Apache is not even listening to port 80!
* If you would include mod_php, and add a script saying phpinfo();, you will see that the HTTPS parameter is not set. I expected it to be "on"
* This "identity crisis" (wrong port, wrong protocol) results that a COPY request for webdav results in a 502 Bad Gateway error.
* Note that virtual hosts with SSL is possible, as long as the same certificate is used for both vhosts (as in this case, using subjectAltName)

Regression:
There is an easy work-around. The "correct" configuration is listed in the attachment "httpd.good.conf". In here, both VirtualHosts do have "SSLEngine on", and the other SSL parameters are shared among all vhost instances (in httpd.bad.conf, only the first vhost had SSL parameters, the second had none).

I fully understand that mod_ssl does not have knowledge of virtual hosts at the time the SSL handshake is made. Presumably, it decides to use SSL or not based on the first vhost for a certain IP:port combination. That is fine, and I think perhaps desirable behaviour.

What is undesirable is that if port 443 and HTTPS is used in reality, Apache thinks that port 80 and HTTP is used. That should always be consistent.
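
The inconsistency the report describes can be caught before Apache starts. The following is an added example, not part of the original report or of Apache: it flags any virtual host that lacks "SSLEngine on" while sharing its address with a vhost that has it. The two configs are constructed from the report's description (not the attached files), www1.example.org and the certificate paths are placeholders, and only SSLEngine lines inside VirtualHost blocks are considered.

```python
import re
from collections import defaultdict

# Constructed configs modelled on the report's description, not the attached files.
# www1.example.org and the certificate paths are placeholders.
HEAD = "Listen 443\nNameVirtualHost *:443\n"
CERT = ("SSLCertificateFile /path/to/example.crt\n"
        "SSLCertificateKeyFile /path/to/example.key\n")

def vhost(name, body=""):
    return f"<VirtualHost *:443>\nServerName {name}\n{body}</VirtualHost>\n"

# Reported setup: only the first vhost carries SSL directives.
BAD_CONF = HEAD + vhost("www1.example.org", "SSLEngine on\n" + CERT) + vhost("www2.example.org")
# Work-around: certificate shared at server level, SSLEngine on in every vhost.
GOOD_CONF = (HEAD + CERT + vhost("www1.example.org", "SSLEngine on\n")
             + vhost("www2.example.org", "SSLEngine on\n"))

def parse_vhosts(conf):
    """Return a list of (address, server_name, ssl_on) per <VirtualHost> block."""
    vhosts, cur = [], None
    for line in (l.strip() for l in conf.splitlines()):
        if m := re.match(r"<VirtualHost\s+([^>]+)>", line, re.I):
            cur = [m.group(1).strip(), None, False]
        elif cur is None or line.startswith("#"):
            continue  # server-level directive or comment
        elif line.lower() == "</virtualhost>":
            vhosts.append(tuple(cur))
            cur = None
        elif m := re.match(r"ServerName\s+(\S+)", line, re.I):
            cur[1] = m.group(1)
        elif m := re.match(r"SSLEngine\s+(\S+)", line, re.I):
            cur[2] = m.group(1).lower() == "on"
    return vhosts

def mixed_ssl_vhosts(conf):
    """Names of vhosts without SSLEngine on that share an address with an SSL vhost."""
    by_addr = defaultdict(list)
    for addr, name, ssl_on in parse_vhosts(conf):
        by_addr[addr].append((name, ssl_on))
    return [name for group in by_addr.values()
            if any(ssl for _, ssl in group)
            for name, ssl in group if not ssl]

if __name__ == "__main__":
    print("bad :", mixed_ssl_vhosts(BAD_CONF))
    print("good:", mixed_ssl_vhosts(GOOD_CONF))
```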
