> Sorry, no time to respond in detail for a day or two, this'll have to
> do.
>
> If you have your system misconfigured so that security credentials are
> unavailable, that is a security issue, not a configuration issue.
>
> A principal tenant of security is: "if something's broke, stop. NEVER
> silently downgrade."
No service either way right? Either the site doesn't come up because it is
misconfigured, or it doesn't come up because you deem this a security issue.
So it doesn't matter if we call it a configuration issue or a security issue
for that site.
But that shouldn't kill OTHER sites.
The issue is, what about all the other sites? That aren't on the same IP
address? You've killed them all under this scenario.
>
> Perhaps if Apache provided a way to "disable" a single virtual server...
> but it doesn't. So the tenant above forces a full-stop on the whole
> thing.
Yeah, an admitted weakness in the design of Apache then. Microsoft IIS
doesn't do this (duck and run for cover). If I restart all IIS web services
and a given IP/SSL site has a problem, the others will still come up. So
let's head off the discussion early of how this is a "feature" :)
>
> Admittedly, the error messages could be better. That's a truisim in the
> computer field. :)
Um yeah, consider this a feature request at a minimum ;)
Chris
> /r$
>
> PS: Nothing stopped you from bringing up a separate server on a
> different port with all but the SSL vhost removed....
Oh yea there is. httpd will not start with the SSL gak it doesn't like in
the config. It should skip it and refuse to do anymore for that IP.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
