>>>>> "MJ" == Mathieu Jondet <[EMAIL PROTECTED]> writes:

MJ> Depending on the vh requested I set the SSLCertificateFile and
MJ> SSLCertificateKeyFile which will point to the correct ssl files for the
MJ> requested vh.

You can't do this with name-based vhosts.  To present the proper SSL
certificate, you have to do it at the connection time (before any
data, including the desired host name, is sent to you), and you can
only do that with unique IP addresses or unique port numbers per
vhost.

Yes, this sucks.  The people who invented SSL were not very forward
thinking.

What they should have done is what is done now with TLS in SMTP.  You
connect to the same port, but issue a "STARTTLS" command to switch
over to secured mode.  With this type of scheme, the header info with
the desired host could be in the initial request, so then you could
pick the right certificates to use.  Alas, the HTTP protocol doesn't
work this way as far as I can tell.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D.                Khera Communications, Inc.
Internet: [EMAIL PROTECTED]       Rockville, MD       +1-240-453-8497
AIM: vivekkhera Y!: vivek_khera   http://www.khera.org/~vivek/
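
The layout the reply describes, as an added Apache mod_ssl configuration example (not part of the original message): each SSL vhost is bound to its own IP address or port, so the certificate is chosen from the connection's local address before any HTTP data arrives. All addresses, host names and file paths are placeholders.

```apache
# Constructed example: addresses, host names and paths are placeholders.
Listen 192.0.2.10:443
Listen 192.0.2.11:443
Listen 192.0.2.10:8443

# Unique IP address per vhost: the local address is known as soon as the
# TCP connection is accepted, before the SSL handshake starts, so the
# matching certificate can be presented.
<VirtualHost 192.0.2.10:443>
    ServerName www.example.com
    DocumentRoot /var/www/example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.com.key
</VirtualHost>

<VirtualHost 192.0.2.11:443>
    ServerName www.example.org
    DocumentRoot /var/www/example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.org.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.org.key
</VirtualHost>

# Same IP address, unique port: the port is also known at connection time.
<VirtualHost 192.0.2.10:8443>
    ServerName www.example.net
    DocumentRoot /var/www/example.net
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.net.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.net.key
</VirtualHost>

# By contrast, setting SSLCertificateFile per request after reading the
# Host header cannot work: by the time the header is readable, the
# handshake has already completed with whichever certificate was sent.
```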
