On Thu, Aug 10, 2017 at 9:21 AM, Reindl Harald <h.rei...@thelounge.net> wrote:
> it also would solve the chicken-egg-problem (again, without mod_md) that you
> first need the http-host working for the well-known verfication file and the
> path of the certificate could be easily pre-configured in the way of my
> example, just warn insteda a fatal error on reload when the certfile don't
> exist
> ____________________________________
> <VirtualHost *>
>  ServerName corecms.example.com
>  DocumentRoot "/www/corecms.example.com"
>  <If "%{PORT} == '443'">
>   SSLEngine On
>   SSLUseStapling Off
>   SSLCertificateFile "conf/ssl/corecms.pem"
>  </If>
>  <Directory "/www/corecms.example.com">
>   php_admin_value open_basedir "/www/corecms.example.com"
>   php_admin_value upload_tmp_dir "/www/corecms.example.com/uploadtemp"
>  </Directory>
> </VirtualHost>

This doesn't work, of course, owing to server_rec members such as scheme
and port. If these moved to the addrs member, and we tracked the current
vhost by server_rec and individual addrs array member in 2.next, then we
may be able to resolve this (but that is not an insignificant patch.)

Note your misuse of 443 as the sentinel, it prevents your certificate file
and your stapling choice from affecting h2 requests on port 80.

Reply via email to