----------------------------------------
> Date: Sat, 23 Nov 2013 08:18:14 -0500
> Subject: Re: ssl_die() and pool cleanup
> From: [email protected]
> To: [email protected]
>
>> So, if the sanity check is skipped for the _default_ host, or there is a
>> better way to set the ServerName of the _default_ host, which I don't know
>> yet, then this wouldn't be affected.
>
> I don't think any behavior should be based on _default_ vs. *.
>
> Your scenario probably works the same with the first VH as "*" simply
> because it's the first listed NVH.
You are right, there should be no difference between _default_ vs. *.
Yet, this does not change the fact, that you have to explicitly set a
ServerName for the first VH, different to the CN in the certificate. Otherwise
all requests would be served by the first VH, instead of the other ones.
If mod_ssl would decline VH's with a nonmatching ServerName, then a
configuration with a <VirtualHost :80 :443> would be impossible without a
wildcard certificate, at least to my knowledge.
