On Wed, Feb 26, 2014 at 2:45 PM, Ruediger Pluem <rpl...@apache.org> claimed:
> Even if they use IP/Port based virtual hosting the SNI name and supplied host
> header should be consistent.

For all incoming forward proxy requests your statement is complete nonsense. The Host: header consistently appears to reflect the hostname of the URI of the proxy request (as distinguished from httpd internal proxy requests).

Given that *.example.com is a perfectly valid host cert CN, as is foo.example.com while bar.example.com is the altname of the certificate, accessing bar.example.com MUST NOT break when upgrading from 2.2.25 to 2.2.27.

I see no evidence that the users are being considered here, only the particular scenario advocated by a couple of pmc members. Our absolute policy is to minimize disruptions for users when they migrate from 2.2.x to 2.2.y, or from 2.4.x to 2.4.y. This test fails to meet that test for legitimate or for illegitimate (as deigned by yourself) configurations.