https://issues.apache.org/bugzilla/show_bug.cgi?id=56353
Bug ID: 56353
Summary: SNI not working correctly when certificate is defined
in global scope
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
Assignee: [email protected]
Reporter: [email protected]
I found a regression but in the behaviour certificates get loaded in apache
2.4.9. The same issue does not appear in 2.4.7 and is therefore a regression.
When one defines a certificate in the global scope (outside any VirtualHost),
all hosts deliver that certificate.
Example config:
SSLCertificateFile /etc/apache2/certs/test1.crt
SSLCertificateKeyFile /etc/apache2/certs/test1.key
<VirtualHost *:443>
ServerName test1.local
DocumentRoot /var/www/test1/
SSLEngine On
</VirtualHost>
<VirtualHost *:443>
ServerName test2.local
DocumentRoot /var/www/test2/
SSLEngine On
SSLCertificateFile /etc/apache2/certs/test2.crt
SSLCertificateKeyFile /etc/apache2/certs/test2.key
</VirtualHost>
What should happen: The first vhost (test1.local) should deliver test1.crt and
the second host (test2.local) should deliver test2.crt.
However, what happens is that both hosts deliver test1.crt.
It gets even weirder when one adds certificate chains. They still get delivered
by vhosts. So if I e.g. add a certificate chain to test2.local in this example,
I'll get test1.crt with the chain defined in test2.local.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
