https://issues.apache.org/bugzilla/show_bug.cgi?id=43218
--- Comment #5 from Joe Orton <[email protected]> 2011-02-12 10:10:39 EST --- This issue is a side-effect of some mod_ssl internals: mod_ssl caches the private key and certificate across restarts, so the passphrase for an encrypted privkey is not required after first startup. (Actually I don't know why it caches certs as well as privkeys, it seems unnecessary.) This dates way back in mod_ssl history and predates SNI support. Internally two hash tables "servername -> decoded cert" and "servername -> decoded key" are kept, so it is here that the ServerName uniqueness matters. It is certainly correct to be including the ports in the ServerName directive, and arguably a configuration error to not do so. If this leads to any confusion with proxy config perhaps the UseCanonical* settings also need tweaking. There is no obvious way to "fix" this situation; I think ideally it would be caught as a configuration error instead, rather than being silently accepted yet acting in a surprising fashion. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
