On 04/09/2014 10:55 AM, Olaf Zaplinski wrote:
> I have a problem with SNI.
> 
> I have 3 name based vhosts with GnuTLS.


I think you're talking about apache with mod_gnutls.

I'm sending this response to [email protected] since
that's a better place for apache-related mod_gnutls questions.  please
follow up there.

> jne.example.com runs with a certificate *.example.com from CA #1
> alice.example.net runs with certificate alice.example.net from CA #2
> bob.example.com runs with certificate bob.example.com from CA #2
> 
> In fact, joe is my (Debian) default host with config file
> /etc/apache2/sites-available/default-tls
> 
> The two first hosts work fine, but host bob presents the certificate
> from joe. It works because this certificate is a wildcard one, but I
> would like to know why GnuTLS refuses to present the certificate that I
> had configured.

can you be more specific about apache, mod_gnutls, and your
configuration?  it would help to know:

 * version information (of apache, of gnutls, of mod_gnutls)

 * concrete configuration file excerpts that you think might be relevant.

it does sound like there might be an SNI matching issue that we could
tighten up (presumably we'd want to take the most-specific match
possible, rather than the first-matching cert).

Regards,

        --dkg


_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
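
The matching hypothesis raised in the reply above (first-matching certificate versus most-specific match), as an added example that is not part of the original message and is not mod_gnutls code. It assumes the wildcard default host is evaluated first; the function names and certificate labels are hypothetical, and the name list is constructed from the quoted vhost description.

```python
# Added illustration: a model of the two selection policies discussed in the
# reply, not mod_gnutls source code.

# Constructed from the vhost list in the quoted message; order = assumed config
# order, with the wildcard default host first. Labels stand in for cert files.
VHOST_CERTS = [
    ("*.example.com", "wildcard cert, CA #1"),
    ("alice.example.net", "alice cert, CA #2"),
    ("bob.example.com", "bob cert, CA #2"),
]


def name_matches(pattern, host):
    """Exact match, or a wildcard covering exactly one leftmost label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        first, _, rest = host.partition(".")
        return bool(first) and rest == pattern[2:]
    return False


def select_first_match(sni, certs=VHOST_CERTS):
    """Return the first configured cert whose name covers the SNI value."""
    for pattern, cert in certs:
        if name_matches(pattern, sni):
            return cert
    return certs[0][1]  # no match: fall back to the default host


def select_most_specific(sni, certs=VHOST_CERTS):
    """Prefer an exact name over any wildcard that also covers the SNI value."""
    wildcard_hit = None
    for pattern, cert in certs:
        if not name_matches(pattern, sni):
            continue
        if not pattern.startswith("*."):
            return cert  # exact name wins outright
        if wildcard_hit is None:
            wildcard_hit = cert
    return wildcard_hit if wildcard_hit is not None else certs[0][1]


if __name__ == "__main__":
    for host in ("jne.example.com", "alice.example.net", "bob.example.com"):
        print(host, "|", select_first_match(host), "|", select_most_specific(host))
```

Under first-match, bob.example.com gets the wildcard certificate, which is the symptom reported in the quoted message; under most-specific matching it gets its own certificate.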
