> -----Original Message----- > From: Stefan Eissing [mailto:[email protected]] > Sent: Mittwoch, 16. September 2015 11:38 > To: [email protected] > Subject: Re: 2.4.17-protocols-http2/ - SNI issue > > Good point. Limited online today. If someone wants to give this a shot, > please. > > > Am 16.09.2015 um 11:36 schrieb Yann Ylavic <[email protected]>: > > > > On Wed, Sep 16, 2015 at 11:24 AM, Plüm, Rüdiger, Vodafone Group > > <[email protected]> wrote: > >> > >>> -----Original Message----- > >>> From: Steffen > >>> Sent: Mittwoch, 16. September 2015 11:14 > >>> To: [email protected] > >>> Subject: 2.4.17-protocols-http2/ - SNI issue > > [] > >>> > >>> [ssl:error] [pid 3428:tid 3952] AH02032: Hostname www.apachelounge.com > >>> provided via SNI and hostname www.apachelounge.com provided via HTTP > >>> are different > >> > >> The above is very weird as both times we see www.apachelounge.com. Can > you please check the logs with some kind of hex tool if there is really no > difference between both strings? The logic to detect a difference in the > code is just a usual strcasecmp. So I sense some hidden characters > somewhere, which might give us a hint where things go really wrong.
Ahh I did miss that he used Stefans branch and not the 2.4.x branch. > > > > ISTM that the test should be: > > if (strcasecmp(host, servername) > > || (sslconn->server > > && !ssl_util_vhost_matches(host, sslconn->server))) > > > > instead of: > > if (strcasecmp(host, servername) > > || !sslconn->server > > || !ssl_util_vhost_matches(host, sslconn->server)) > > > > Not sure sslconn->server isn't NULL here for the first request. I shouldn't be. Maybe setting the loglevel to Debug could help to see the other SNI stuff that was going on before and if it correctly identified the correct vhost via SNI. Regards Rüdiger
