[Bug 55326] New: SSLProxyCheckPeerName not working in conjunction with mod_rewrite

bugzilla Mon, 29 Jul 2013 08:21:59 -0700

https://issues.apache.org/bugzilla/show_bug.cgi?id=55326


            Bug ID: 55326
           Summary: SSLProxyCheckPeerName not working in conjunction with
                    mod_rewrite
           Product: Apache httpd-2
           Version: 2.4.6
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: [email protected]
          Reporter: [email protected]

The new directive SSLProxyCheckPeerName has no effect when using the proxy
functionality of rewrite_module.

Steps to reproduce:
 - Setup configuration like this on host a.example.org:

   SSLProxyEngine on
   SSLProxyCheckPeerName off
   RewriteRule /status/(.*) https://$1/server-status [P]

 - When trying to access host b via host a ...
   http://a.example.org/status/b

   mod_ssl raises an error:
   AH02005: SSL Proxy: Peer certificate CN mismatch: Certificate CN:
b.example.org Requested hostname: b


If you additionally add the old directive, it works just fine:

   SSLProxyEngine on
   SSLProxyCheckPeerName off
   SSLProxyCheckPeerCN off
   RewriteRule /status/(.*) https://$1/server-status [P]

But I do not think that this is intentional if SSLProxyCheckPeerName supersedes
SSLProxyCheckPeerCN.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 55326] New: SSLProxyCheckPeerName not working in conjunction with mod_rewrite

Reply via email to