On 03-jul-09, at 10:14, Michiel van Es wrote:

>> Thanks for the update!
>> Do I have something special to let the virtual hosts bind to their
>> ip-addresses or let it work that if I go to
>> https://webmail.pcintelligence.nl I got the
>> webmail.pcintelligence.nl cert
>> https://www.pcintelligence.nl I get the www.pcintelligence.nl cert ?
>>
>> I still get the default cert.
>
> Do I have to enable something when I use ./configure or do I have to
> change something in the cherokee-admin menu?
> Or am I doing something wrong by running 2 SSL virtual hosts within 1
> cherokee webserver running with 2 ip-addresses?

You are doing nothing wrong, actually. The server can run listening on as many NICs and IPs as you wish.

What you are seeing is Cherokee's fault (sort of). Thing is... the SSL/TLS handshake is happening before the virtual server rule list is evaluated, and therefore the default certificate is used.

The only two options I can think of (besides the SNI support) are:

- Issue a re-handshake whenever we detect a situation where the wrong certificates were used at the initial SSL connection.
- Perform a few big and nasty changes in the server architecture in order to support this sort of old IP-based SSL configuration. I must confess I don't fancy this option, not even a little bit.

--
Greetings, alo
http://www.alobbs.com/
