On Wed, Mar 21, 2007 at 11:10:33AM +0100, Papp Tamas wrote: > On Wed, Mar 21, 2007 at 10:38:35AM +0100, Kosa Attila wrote: > > On Wed, Mar 21, 2007 at 10:12:43AM +0100, Papp Tamas wrote: > > > On Wed, Mar 21, 2007 at 10:04:32AM +0100, Kosa Attila wrote: > > > > - Lehetseges name based virtual hostot csinalni https-en is, de > > > > csak egyetlen certificate-et fog tudni mutatni a szerver minden > > > > virtual hosthoz. > > > > > > Igen, es mindig az elsonek megadott vhost fog feljonni, nem? > > > > Nem. > > Miert, szerinted melyik?
Amelyiknek a nevere hivatkoznak a http keres header Host mezojeben. > > > Magyarul ugyanazon a porton es ip-n nem lehet 2 https vhost. > > > > Lehet. > > Tuti. Biztosan lehet. Talan erdemes lenne elolvasni nehany dolgot, mielott kotozkodesse fajulna a thread: http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html The reason is very technical, and a somewhat "chicken and egg" problem. The SSL protocol layer stays below the HTTP protocol layer and encapsulates HTTP. When an SSL connection (HTTPS) is established Apache/mod_ssl has to negotiate the SSL protocol parameters with the client. For this, mod_ssl has to consult the configuration of the virtual server (for instance it has to look for the cipher suite, the server certificate, etc.). But in order to go to the correct virtual server Apache has to know the Host HTTP header field. To do this, the HTTP request header has to be read. This cannot be done before the SSL handshake is finished, but the information is needed in order to complete the SSL handshake phase. Bingo! Tehat mukodik a dolog, de csak egyetlen certificate-et tud mutatni a szerver, mert az ssl handshake korabban jon letre, mint a http kapcsolat. De az ssl handshake utan mar a http gond nelkul mukodik. -- Udvozlettel Zsiga _________________________________________________ linux lista - [email protected] http://mlf2.linux.rulez.org/mailman/listinfo/linux
