On Fri, Feb 09, 2018 at 07:54:22PM +0100, Landry Breuil wrote:
> Hi,
> 
> on ftp.fr we use httpd on 6.2.
> 
> The config more or less looks like:
> 
> server "default" {
>         alias distfiles.bsdfrog.org
>         listen on egress port www
>         location "/*" {
>                 block return 301 "https://$SERVER_NAME$REQUEST_URI";
>         }
> 
> }
> 
> server "distfiles.bsdfrog.org" {
>         listen on egress tls port https
>         root "/distfiles"
> #       tls ticket lifetime 1800
>         tls certificate "/etc/ssl/pond.obspm.bsdfrog.org.crt"
>         tls key "/etc/ssl/private/pond.obspm.bsdfrog.org.key"
> }
> 
> server "ftp.fr.openbsd.org" {
>         listen on egress port www
>         listen on egress tls port https
>         root "/mirror/ftp"
> #       tls ticket lifetime 1800
>         tls certificate "/etc/ssl/pond.obspm.bsdfrog.org.crt"
>         tls key "/etc/ssl/private/pond.obspm.bsdfrog.org.key"
> }
> 
> 
> Which works fine with https on the different vhosts. But as soon as I
> uncomment the tls ticket lifetime lines, httpd -nvv complains about
> configuration mismatch:
> 
> server_tls_load_keypair: using certificate /etc/ssl/pond.obspm.bsdfrog.org.crt
> server_tls_load_keypair: using private key /etc/ssl/private/pond.obspm.bsdfrog.org.key
> /etc/httpd.conf:37: server "ftp.fr.openbsd.org": tls configuration mismatch on same address/port

I think I've found the bug - it manifests only if there are 3 server
definitions sharing a cert, not with 2. Will dig further.

Landry
