Am 09.04.2014 23:31, schrieb Daniel Kahn Gillmor:
On 04/09/2014 10:55 AM, Olaf Zaplinski wrote:
I have a problem with SNI.
I have 3 name based vhosts with GnuTLS.
I think you're stalking about apache with mod_gnutls.
Correct.
I'm sending this response to [email protected] since
that's a better place for apache-related mod_gnutls questions. please
follow up there.
OK. But I will keep this list on CC, ok?
it does sound like there might be an SNI matching issue that we could
tighten up (presumably we'd want to take the most-specific match
possible, rather than the first-matching cert).
I found a blog mentioning that GnuTLS has problems with subjectAltName:
http://jan-krueger.net/development/mod_gnutls-and-startssl-level-1-certificates-the-problem-and-solution
Sounds like my problem: GnuTLS chooses the "wrong" certificate.
Olaf
_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
