-------- Original Message --------
Subject: Re: [Cherokee] question about several ssl enabled virtual hosts
From: Alvaro Lopez Ortega <[email protected]>
To: Michiel van Es <[email protected]>
Date: 07/03/2009 10:25 AM

> On 03-jul-09, at 10:14, Michiel van Es wrote:
>
>>> Thanks for the update!
>>> Do I have to do something special to let the virtual hosts bind to their
>>> ip-addresses or let it work that if I go to
>>> https://webmail.pcintelligence.nl I got the
>>> webmail.pcintelligence.nl cert
>>> https://www.pcintelligence.nl I get the www.pcintelligence.nl cert ?
>>>
>>> I still get the default cert.
>> Do I have to enable something when I use ./configure or do I have to
>> change something in the cherokee-admin menu?
>> Or am I doing something wrong by running 2 SSL virtual hosts within 1
>> cherokee webserver running with 2 ip-addresses?
>
>
> You are doing nothing wrong, actually. The server can run listening on as
> many NICs and IPs as you wish.
>
> What you are seeing is Cherokee's fault (sort of). Thing is... the SSL/TLS
> handshake is happening before the virtual server rule list is
> evaluated, and therefore the default certificate is used.
>
> The only two options I can think of (besides the SNI support) are:
>
> - Issue a re-handshake whenever we detect a situation where the wrong
>   certificates were used at the initial SSL connection.
>
> - Perform a few big and nasty changes in the server architecture in
>   order to support this sort of old IP-based SSL configuration. I must
>   confess I don't fancy this option, not even a little bit.

I am using Firefox 3 and a recent OpenSSL on my server... why is the newer method not working for me and I must use the old setup?
I mean: would you find it acceptable if you connect to a server but got the wrong SSL certificate (a certificate of another server)?
What is the use of certificates if the name does not match? And how would you tell the difference from a man-in-the-middle attack?
Perhaps I am seeing it all wrong, but what do I have to do to get no certificate warning with Cherokee and my setup?
:)

>
> --
> Greetings, alo
> http://www.alobbs.com/

Regards,

Michiel

> _______________________________________________
> Cherokee mailing list
> [email protected]
> http://lists.octality.com/listinfo/cherokee
