> I propose the following patch: > > http://people.apache.org/~rjung/patches/vhost-pr54948-part2.patch > > Caution: I did not really understand that code, but tracked what > happened during digesting the broken config using additional log output. > The original patch for PR54948 not only removed the unwanted internal > duplicates but also dropped the 443 part from any ":80 :443" VirtualHost. > > Someone knowing this code better should confirm, whether my addition is > correct or whether PR54948 should be fixed in a different way. > > IMHO the current 2.4.5 code is really broken and we should either > release the code with r1485675 reverted or an additional fix on top. > > The config that was broken is our ASF www.apache.org config. Version > 2.4.5 ignored the 443 part of most of the ":80 :443" vhosts, more > precisely all except for the default vhost and the first internally > processed one. Since the first processed one was the last declared one, > which was originally meant as a fall through catch all, that vhost now > handled all 443 traffic.
I applied this to trunk after running into an unrelated NVH issue and sorting through some of the confusing structures again. But I looked closer at the infra config, and I cannot simulate it without also adding "listen 443 http" otherwise mod_ssl complains that the <vh *:80 *:443> doesn't have a cert. Do you know this works on www.a.o?
