https://bz.apache.org/bugzilla/show_bug.cgi?id=58007

--- Comment #8 from Yann Ylavic <ylavic....@gmail.com> ---
The SNI is compared against r->hostname, which is a parsed value of the
original Host header (without the port, the trailing dots), supposedly SNI
compatible...

So I wonder if:
1) we should fix this, since clients are not supposed to dot FQDNs in SNI,
2) the SNI should be matched against the Host header instead of r->hostname
(i.e. the fix belongs in mod_ssl only),
3) server/vhost.c::fix_hostname() should stop stripping the trailing dot.

My personal preference would be 3) since two hosts w/ and w/o the trailing dot
(FQDN or not) are possibly not the same ones (and hence the same VirtualHosts).
httpd could (theoretically) be asked to handle them separately (or not), by using
different ServerNames (or one as ServerName, the other as ServerAlias).
There is possibly a compatibility issue though by changing this at the vhost
level, and this is beyond the SSL only scope.

So we should probably go for 2) since browsers don't play "game" 1).
I don't think we can be lenient and therefore ignore the trailing dot from
SNIs, let's be consistent in a strict way.

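The mismatch discussed in comment #8, as an added example that is not part of the original comment and is not httpd or mod_ssl code. The function names are hypothetical, `parsed_hostname()` is a simplified stand-in for the parsing that produces `r->hostname` (port and trailing dots removed, as the comment describes), and option 2 is assumed to drop the port from the Host header before comparing.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Copy a Host header value without ":port". Assumes a DNS name, not an IPv6 literal. */
static void host_without_port(const char *host, char *out, size_t n)
{
    size_t len = strcspn(host, ":");
    if (len >= n) len = n - 1;
    memcpy(out, host, len);
    out[len] = '\0';
}

/* Simplified stand-in for the parsed hostname: port and trailing dots removed. */
static void parsed_hostname(const char *host, char *out, size_t n)
{
    host_without_port(host, out, n);
    size_t len = strlen(out);
    while (len > 0 && out[len - 1] == '.')
        out[--len] = '\0';
}

/* Behaviour described in the comment: SNI compared with the parsed hostname. */
int sni_matches_parsed(const char *sni, const char *host_header)
{
    char h[256];
    parsed_hostname(host_header, h, sizeof h);
    return strcasecmp(sni, h) == 0;   /* host names compare case-insensitively */
}

/* Option 2: SNI compared with the Host header itself (only the port removed). */
int sni_matches_host_header(const char *sni, const char *host_header)
{
    char h[256];
    host_without_port(host_header, h, sizeof h);
    return strcasecmp(sni, h) == 0;
}

int main(void)
{
    /* Constructed SNI / Host header pairs. */
    const char *c[][2] = { {"www.example.com",  "www.example.com:443"},
                           {"www.example.com.", "www.example.com.:443"},
                           {"www.example.com",  "www.example.com."} };
    for (size_t i = 0; i < 3; i++)
        printf("SNI=%s Host=%s parsed=%d option2=%d\n", c[i][0], c[i][1],
               sni_matches_parsed(c[i][0], c[i][1]), sni_matches_host_header(c[i][0], c[i][1]));
    return 0;
}
```

The second pair is the case behind the report: a dotted SNI and a dotted Host header agree with each other, but not once the dot is stripped from only one side. The third pair shows what the strict comparison of option 2 rejects and the parsed comparison accepts.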