On Wed, Sep 19, 2018 at 6:39 AM Stefan Eissing <stefan.eiss...@greenbytes.de>
wrote:

>
> > On 18.09.2018 at 15:44, Houser, Rick <rick.hou...@jackson.com> wrote:
> >
> > In the same vein, I’ve been running this patch on our builds to get
> > around a warning for certificates not matching the hostname.  Certificates
> > are not expected to match the hostname with many load balancing/uptime
> > detection schemes, and this one logs a LOT when it trips on every vhost.
> > Perhaps this patch should share the same fate as decided for the TLS
> > missing SNI issue?
>
> Not sure I understand your setup here. Is this the ServerName from the
> global server? Otherwise, in a VirtualHost why would you not set the
> ServerName to the hostname you are serving?


Envision a TCP load balancer routing TLS-crypted traffic across a number
of internal hosts, with each of the named virtual hosts presenting the
correct certificate, and known to httpd by their ServerAlias on the
outer-facing interface. Not terminated at the edge balancer.

There is the issue of keeping TLS session key encoding in sync across
the backends, obviously.
