https://bz.apache.org/bugzilla/show_bug.cgi?id=61519

--- Comment #13 from Eric Covener <cove...@gmail.com> ---
(In reply to Reindl Harald from comment #12)
> i doubt that "SSLengine optional" is STARTTLS, for sure not when you type
> https:// in your browser - anyways, irrelevant, the port is just plain wrong
> because with https:// the browser definitly don't connect to port 80 at all

The manual says it's for starrtls, which you're not using, but it's what makes
the absolute basics of your specific config appear to work until a redirect is
generated.

> and this all is a real problem because it introuces all sorts of hidden
> troubles and currently the only solution would be configure the whole
> <VirtualHost> twice which don't scale for larger setups

It works for nearly everyone else.

> 
> i don't know the internals but they should not be that complex to begin with
> that in this context any problems can be triggered when a client just calls
> "https://example.com/myfolder"; because the fact that it was https is
> obviously known, the port itself is known on the network layer and
> REQUEST_SCHEME is pretty simple known by the fact of "HTTPS on" is correct


In the context of STARTTLS it seems reasonable. Optional was poorly named, but
it was clearly never meant to be used for requests that already negotiated SSL
at the connection level (in a default vhost).


> what happens when you have <VirtualHost *:80 *:81 *:82> without https part
> of the game? does then also 80 "win" and why when it's pretty simple to konw
> the port by the fact that there is a socket connection and config-guessing
> is pretty useless because of that

No, the port or absence of a port in the Host: header "wins".  Even getting the
port right is surprisingly not as simple as you'd think.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

Reply via email to