https://bz.apache.org/bugzilla/show_bug.cgi?id=69397

--- Comment #3 from Ruediger Pluem <[email protected]> ---
(In reply to Joe Orton from comment #1)
> I'm not sure why it was implemented like that but it looks like it is always
> global in scope. I think it should be disallowed within VirtualHost.

Hm. The report above seems to indicate otherwise. It does not look global to
me. ssl_find_vhost does an SSL_set_SSL_CTX using sc->server->ssl_ctx and this
is where ssl_ctx_param sets the settings of SSLOpenSSLConfCmd via SSL_CONF_cmd.
This seems to be virtual host specific.

Isn't the issue that initially you end up in the default host and only after
the SNI callback was executed you end up in the correct name based virtual
host? What if the SSL protocol is set to none in the default virtualhost via
SSLOpenSSLConfCmd? Would that even prevent processing the SNI extensions
provided by the client and thus switching to the virtualhost that allows more
protocols?
