Hi Olaf, Am 09.04.2014 23:47, schrieb Olaf Zaplinski: > Am 09.04.2014 23:31, schrieb Daniel Kahn Gillmor: >> On 04/09/2014 10:55 AM, Olaf Zaplinski wrote: >>> I have a problem with SNI. >>> >>> I have 3 name based vhosts with GnuTLS. >> >> I think you're stalking about apache with mod_gnutls. > > Correct. > >> I'm sending this response to [email protected] since >> that's a better place for apache-related mod_gnutls questions. please >> follow up there. > > OK. But I will keep this list on CC, ok? > >> it does sound like there might be an SNI matching issue that we could >> tighten up (presumably we'd want to take the most-specific match >> possible, rather than the first-matching cert). > > I found a blog mentioning that GnuTLS has problems with subjectAltName: > > http://jan-krueger.net/development/mod_gnutls-and-startssl-level-1-certificates-the-problem-and-solution > > > Sounds like my problem: GnuTLS chooses the "wrong" certificate. Could you please check if you can install the latest mod_gnutls from trunk? Some issues with VHosts were fixed with 0.6 but being bleeding-edge might be worth a try. > > Olaf > Regards, BenBE.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
