https://issues.apache.org/bugzilla/show_bug.cgi?id=56353
Kaspar Brand <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |FixedInTrunk Status|NEEDINFO |NEW Version|2.4-HEAD |2.4.9 --- Comment #3 from Kaspar Brand <[email protected]> --- (In reply to hanno from comment #2) > Yeah, patch fixes it, everything seems back to normal. Will re-test with my > real server setup, but local tests seem fine. Thanks for testing/confirming. I have committed this to trunk with r1585918 and proposed for backport to 2.4.x in r1585922. > > (Note that for an SNI setup, it doesn't make much sense to have global-level > > SSLCertificate[Key]File settings - the default cert should simply go into > > the first VirtualHost block.) > > No, that doesn't work. If I set no global cert and have vhosts without their > own cert apache simply won't start. (log says "SSL Library Error: > error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate > assigned") It's not yet clear to me what the use for this is - SNI is mostly about configuring an individual cert for each VirtualHost (not multiple vhosts sharing the same cert), so I wonder why you need globally configured "fallback" SSLCertificate[Key]File directives. Can you perhaps give more details on the rationale for such a setup? -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
