On Wed, Jun 10, 2015 at 5:30 PM, Yann Ylavic <ylavic....@gmail.com> wrote:
> On Wed, Jun 10, 2015 at 4:41 PM, Stefan Eissing
> <stefan.eiss...@greenbytes.de> wrote:
>> Today I had the second user which got "400 Bad Request" when using mod_h2
>> with a wildcard certificate. So, I was thinking how to possibly fix the code
>> in mod_ssl.
>>
>> The mostly harmless approach is the addition of a configuration directive
>> that admins may use to explicitly allow multiple host requests on a SNI
>> connection. Which would mean that both the config of the SNI host and the
>> config of the request host have "SSLSNIVHostMatch off".
>>
>> The case where no Host header is provided or no SNI is used I propose to
>> leave unaffected, e.g. continue to fail.
>>
>> Any thoughts?
>
> Maybe matching against the ServerName and ServerAlias(es) instead of
> the Host header, so that the admin can still have a control on it...

E.g. by using ap_matches_request_vhost(r, SNI, 0).
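
Added example, not part of the original message and not httpd's own code: a stand-alone C model of the check discussed above, where a request on an SNI connection is accepted only if the SNI name is one of the configured names of the virtual host the Host header selected. The `struct vhost`, `alias_match`, `sni_allowed_for_request` and the sample names are hypothetical; the real server would use its own vhost records and `ap_matches_request_vhost`.

```c
#include <ctype.h>
#include <stdio.h>
#include <strings.h>

/* Hypothetical stand-in for a vhost's configured names (not httpd's server_rec). */
struct vhost {
    const char *server_name;     /* ServerName */
    const char *const *aliases;  /* ServerAlias list, NULL-terminated, may use '*' and '?' */
};

/* Case-insensitive whole-string match of s against a '*' / '?' pattern. */
static int alias_match(const char *pat, const char *s)
{
    for (; *pat; pat++, s++) {
        if (*pat == '*') {
            while (*pat == '*') pat++;
            if (!*pat) return 1;              /* trailing '*' matches the rest */
            for (; *s; s++)
                if (alias_match(pat, s)) return 1;
            return 0;
        }
        if (!*s) return 0;                    /* pattern longer than the name */
        if (*pat != '?' && tolower((unsigned char)*pat) != tolower((unsigned char)*s))
            return 0;
    }
    return *s == '\0';                        /* no trailing junk after the match */
}

/* Accept the request only if the SNI name is one of the names of the vhost
 * the Host header selected (req_vh). Missing SNI or Host keeps failing. */
int sni_allowed_for_request(const char *sni, const char *host, const struct vhost *req_vh)
{
    if (!sni || !*sni || !host || !*host || !req_vh) return 0;
    if (req_vh->server_name && strcasecmp(req_vh->server_name, sni) == 0) return 1;
    for (const char *const *a = req_vh->aliases; a && *a; a++)
        if (alias_match(*a, sni)) return 1;
    return 0;
}

/* Constructed sample configuration. */
const char *const ALIASES_WILD[] = { "*.example.org", NULL };
const struct vhost VH_WILD = { "example.org", ALIASES_WILD };
const struct vhost VH_OTHER = { "other.test", NULL };

int main(void)
{
    printf("%d\n", sni_allowed_for_request("a.example.org", "b.example.org", &VH_WILD));
    printf("%d\n", sni_allowed_for_request("a.example.org", "other.test", &VH_OTHER));
    return 0;
}
```

With this rule the admin decides which names may share a connection by what is listed in ServerName and ServerAlias, rather than by switching the SNI check off for the whole host.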