On Wed, Apr 11, 2018 at 1:07 PM, Yann Ylavic <[email protected]> wrote: > On Wed, Apr 11, 2018 at 7:03 PM, Joe Orton <[email protected]> wrote: >> Like this? Is this likely to break some other currently-working config? >> >> Index: modules/ssl/ssl_engine_init.c >> =================================================================== >> --- modules/ssl/ssl_engine_init.c (revision 1828914) >> +++ modules/ssl/ssl_engine_init.c (working copy) >> @@ -261,7 +261,8 @@ >> * the protocol is https. */ >> if (ap_get_server_protocol(s) >> && strcmp("https", ap_get_server_protocol(s)) == 0 >> - && sc->enabled == SSL_ENABLED_UNSET) { >> + && sc->enabled == SSL_ENABLED_UNSET >> + && (!apr_is_empty_array(sc->server->pks->cert_files))) { >> sc->enabled = SSL_ENABLED_TRUE; >> } > > So now your configuration would work because the second vhost wouldn't > have SSL enabled? > But doesn't the user want SSL on this vhost in the first place?
If they worked before, it seems like they were relying on a handshake with the default VH for the NVH -- which they still get? -- Eric Covener [email protected]
