Package: apache2.2-common Version: 2.2.9-10+lenny3 Severity: wishlist Tags: patch
/etc/apache2/ports.conf says: <IfModule mod_ssl.c> # SSL name based virtual hosts are not yet supported, therefore no # NameVirtualHost statement here Listen 443 </IfModule> But name-based SSL virtual hosts are actually supported. What is not supported, is to have several certificates: the first one is always presented, as, at this moment, the server does not know what virtual host to serve. I suggest this modification, to let the user know the advantages and disadvantages to use name-based or address-based virtual hosts: <IfModule mod_ssl.c> # SSL name based virtual hosts will all use the first certificate declared. # Further certificate declarations are simply ignored, so you should use # either certificates with wildcards or alternative names (SubjectAltName), # or address-based virtual hosts. NameVirtualHost *:443 Listen 443 </IfModule> -- Package-specific info: List of enabled modules from 'apache2 -M': alias auth_basic authn_file authz_default authz_groupfile authz_host authz_user autoindex cgi dir env mime negotiation php5 setenvif status userdir -- System Information: Debian Release: 5.0.1 APT prefers stable APT policy: (990, 'stable'), (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages apache2 depends on: ii apache2-mpm-prefork 2.2.9-10+lenny3 Apache HTTP Server - traditional n apache2 recommends no packages. apache2 suggests no packages. Versions of packages apache2.2-common depends on: ii apache2-utils 2.2.9-10+lenny3 utility programs for webservers ii libapr1 1.2.12-5 The Apache Portable Runtime Librar ii libaprutil1 1.2.12+dfsg-8+lenny2 The Apache Portable Runtime Utilit ii libc6 2.7-18 GNU C Library: Shared libraries ii libmagic1 4.26-1 File type determination library us ii libssl0.9.8 0.9.8g-15+lenny1 SSL shared libraries ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip ii mime-support 3.44-1 MIME files 'mime.types' & 'mailcap ii net-tools 1.60-22 The NET-3 networking toolkit ii perl 5.10.0-19 Larry Wall's Practical Extraction ii procps 1:3.2.7-11 /proc file system utilities ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime -- no debconf information
--- ports.conf.old 2009-06-20 12:04:45.000000000 +0200 +++ ports.conf 2009-06-20 12:09:00.000000000 +0200 @@ -9,7 +9,10 @@ Listen 80 <IfModule mod_ssl.c> - # SSL name based virtual hosts are not yet supported, therefore no - # NameVirtualHost statement here + # SSL name based virtual hosts will all use the first certificate declared. + # Further certificate declarations are simply ignored, so you should use + # either certificates with wildcards or alternative names (SubjectAltName), + # or address-based virtual hosts. + NameVirtualHost *:443 Listen 443 </IfModule>