https://issues.apache.org/bugzilla/show_bug.cgi?id=56068

            Bug ID: 56068
           Summary: VirtualHost nameserver ignored when matching host name
                    using SSL
           Product: Apache httpd-2
           Version: 2.2.15
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: [email protected]
          Reporter: [email protected]

I struggled for a couple of hours with this issue. Here's how to replicate it:
on a server with hostname dev.myserver.com, create 2 VirtualHost entries:

<VirtualHost *:80 *:443>
  ServerName dev.myserver.com
  ServerAlias dev2.myserver.com
</VirtualHost>

<VirtualHost *:80 *:443>
  ServerName dev3.myserver.com
</VirtualHost>

All 3 hosts (dev.myserver.com, dev2.myserver.com, dev3.myserver.com) map to the
same IP address.
A wildcard certificate with CN=*.myserver.com is installed on the server.

Inside the httpd.conf main section, the ServerName entry is commented out and
UseCanonicalName is Off.

If you try to hit the server over HTTP, using http://dev.myserver.com or
http://dev2.myserver.com or http://dev3.myserver.com, it goes into the correct
VirtualHost.
However, if you try to hit the server over HTTPS, using https://dev.myserver.com
or https://dev2.myserver.com or https://dev3.myserver.com, only
https://dev2.myserver.com and https://dev3.myserver.com will enter the
VirtualHost; the first will match against the main entry in httpd.conf and try
to retrieve content from the default directory, not from the VirtualHost entry.

So the problem is that over HTTP, the VirtualHost entry with ServerName being
the same as the hostname is honored; however, over HTTPS, the VirtualHost entry
with ServerName the same as the hostname is ignored.

Running SSL with LogLevel=debug, we can see effectively that even without the
VirtualHost entry with ServerName equal to the host name, the call to
https://dev.myserver.com will show that it matches against VirtualHost,
although it only matched against the main section of httpd.conf.
