Was "Re: SSLProxyCheckPeerCN / ProxyPreserveHost issue" So, what do folks think about adding this directive to use the connection hostname for SNI and the SSLProxyCheckPeerCN feature? Would such a directive be beneficial? It seems a number of users who use ProxyPreserveHost will benefit from this. It lets users revert to the behavior before the SNI change.
More details about the use-case here: https://issues.apache.org/bugzilla/show_bug.cgi?id=54656 Eugene Lam From: <Lam>, "Lam, Eugene" <euge...@amazon.com<mailto:euge...@amazon.com>> Reply-To: "dev@httpd.apache.org<mailto:dev@httpd.apache.org>" <dev@httpd.apache.org<mailto:dev@httpd.apache.org>> Date: Friday, March 8, 2013 6:27 PM To: "dev@httpd.apache.org<mailto:dev@httpd.apache.org>" <dev@httpd.apache.org<mailto:dev@httpd.apache.org>> Subject: Re: SSLProxyCheckPeerCN / ProxyPreserveHost issue Hi folks, I came across an old issue that was discussed previously under "SSLProxyCheckPeerCN / ProxyPreserveHost issue": http://mail-archives.apache.org/mod_mbox/httpd-dev/201209.mbox/%3c50462600.7010...@kippdata.de%3E However, I think I have found a legitimate use-case where I do want Apache to behave in the old way. I've detailed the use case in this new bugzilla issue: https://issues.apache.org/bugzilla/show_bug.cgi?id=54656 Assuming that the new behavior since 2.4.3 will be the default going forward, I'm proposing a new directive [1] which would allow Apache in reverse proxy to use the connection hostname for SNI and SSLProxyCheckPeerCN instead of the Host: header. This directive will be added when ProxyPreserveHost is on. I'm curious what your thoughts are on the use case and this proposed directive. Eugene [1] https://issues.apache.org/bugzilla/attachment.cgi?id=30029 (I forgot to add a text extension, so please save it before opening)