https://bz.apache.org/bugzilla/show_bug.cgi?id=57810
Jean-Luc Duprat <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- OS|Mac OS X 10.1 |Linux --- Comment #1 from Jean-Luc Duprat <[email protected]> --- I am trying to access a URL via https through both the regular URL and one that ends with a trailing dot: example.com example.com. The reason the second case matters is URLs reported by DNS-SD have the trailing dot appended. See http://www.dns-sd.org/trailingdotsindomainnames.html I have a certificate that contains the the subject's common name as CN=example.com and the following SANs: X509v3 Subject Alternative Name: DNS:example.com, DNS:www.example.com, DNS:example.com., DNS:www.example.com. I am using Name-based Virtual Host Support, with the virtual host section looking like so: <VirtualHost *:443> Options None ServerName example.com ServerAlias www.example.com ServerAlias example.com. ServerAlias www.example.com. [...] </VirtualHost> CSP and HSTS are disabled. When trying to connect to example.com. I get the following error: [ssl:error] [pid 22158] AH02032: Hostname example.com. provided via SNI and hostname example.com provided via HTTP are different All desktop browsers I've tried (Firefox, Chrome, Safari) drop the trailing dot on the the name for the HTTP request. Since the URL is generated by service discovery I have no control over it. The clients also behave consistently. The only way to get this to work would be for apache to allow for this minor difference between the SNI and HTTP hostnames. Would such a patch be considered for inclusion? -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
