https://issues.apache.org/bugzilla/show_bug.cgi?id=55326
Kaspar Brand <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Hardware|Other |All OS|Linux |All --- Comment #1 from Kaspar Brand <[email protected]> --- (In reply to falco from comment #0) > If you additionally add the old directive, it works just fine: > > SSLProxyEngine on > SSLProxyCheckPeerName off > SSLProxyCheckPeerCN off > RewriteRule /status/(.*) https://$1/server-status [P] > > But I do not think that this is intentional if SSLProxyCheckPeerName > supersedes SSLProxyCheckPeerCN. It is intentional, see http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslproxycheckpeercn: "In 2.4.5 and later, SSLProxyCheckPeerCN has been superseded by SSLProxyCheckPeerName, and its setting is only taken into account when SSLProxyCheckPeerName off is specified at the same time." SSLProxyCheckPeerName supersedes SSLProxyCheckPeerCN as far as the default settings are concerned. Turning off hostname checking for proxied https content mostly indicates a misunderstanding of the primary purpose of SSL (authentication), so I think it wouldn't be a good idea if "SSLProxyCheckPeerName off" would silently disable SSLProxyCheckPeerCN at the same time. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
