https://bz.apache.org/bugzilla/show_bug.cgi?id=69743
--- Comment #32 from Eric Covener <[email protected]> --- > I don't think it's fixable on the httpd side, besides maybe adding a new > UnsafeNoSNIBypass flag to restore the old behaviour, which almost no one > would use... IIUC currently ssl_auth_compatible() will block the mismatched virtualhost for differing CA cert paths, but this shouldn't matter unless there is a relatively obscure TLS mutual auth. Would we even need a flag to allow that to default to the default VH and hop later during HTTP processing? There aren't many configs in this bug, but I am guessing a majority of affected people aren't changing the more problematic parts (e.g. ciphers). Maybe we can support this vanilla case where only the cert differs as in https://bz.apache.org/bugzilla/show_bug.cgi?id=69743#c2 It doesn't seem like ssl_server_compatible and the stuff it calls are used for much/anything else, but maybe it would call for an additional parameter passed down so we know what purpose the check is for. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
