On Sat, 28 Sep 2002, Chris Allen wrote:

> Hey all,
> 
> I am missing something in my understanding. Many people have asked this
> question countless times.
> Is this something that mod_ssl needs, or is this an Apache (etc.) related
> problem? Is there ever going to be a way to do name-based virtual hosting
> with Apache and mod_ssl?

It is the nature of the SSL/TLS protocol.  The entire payload is encrypted.  
The only key available for determining which key to use for decrypting the
payload is the target IP address.

To expose some portions of the HTTP header, i.e. the Host: entity, would
require a change to the SSL/TLS protocol.  In turn, this would require
changes to mod_ssl, Apache, and all other web server software.  In addition,
it would require changes to every web gateway, proxy, and browser extant.

> "because the Hostname is not known by the server at the time it should
> present the certificate."
> 
> Surely this isn't as trivial as it sounds? How about we let the server know
> the hostname?

It's not trivial.

Merton Campbell Crockett

> 
> ----- Original Message -----
> From: "Harald Koch" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, September 27, 2002 10:12 PM
> Subject: Re: Is anyone doing this!?!
> 
> 
> >
> > Of all the gin joints in all the towns in all the world, Tim Tassonis
> > had to walk into mine and say:
> > >
> > > If you are talking about Name Based Virtual Hosts (same ip:port, but
> > > different names) you are out of luck. You can't present different
> > > certificates with Name Based Virtual Hosts, because the Hostname is not
> > > known by the server at the time it should present the certificate.
> >
> > SubjectAltName?
> >
> > --
> > Harald Koch     <[EMAIL PROTECTED]>
> >
> > "It takes a child to raze a village."
> > -Michael T. Fry
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> > User Support Mailing List                      [EMAIL PROTECTED]
> > Automated List Manager                            [EMAIL PROTECTED]
> >

-- 
BEGIN:                          vcard
VERSION:                        3.0
FN:                             Merton Campbell Crockett
ORG:                            General Dynamics Advanced Information Systems;
                                Intelligence Solutions
N:                              Crockett;Merton;Campbell
EMAIL;TYPE=internet:            [EMAIL PROTECTED]
TEL;TYPE=work,voice,msg,pref:   +1(805)497-5045
TEL;TYPE=pager,msg:             +1(877)528-0049
TEL;TYPE=fax,work:              +1(805)497-5050
TEL;TYPE=cell,voice,msg:        +1(805)377-6762
END:                            vcard
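
The constraint discussed in this thread, shown as an Apache/mod_ssl configuration; this is an added example, not part of the original e-mail or of the mod_ssl documentation. The addresses (192.0.2.x), hostnames and file paths are constructed placeholders.

```apache
# Constructed example: addresses, hostnames and paths are placeholders.

# (1) Name-based layout: does NOT give each site its own certificate.
# Both vhosts share 192.0.2.10:443. The certificate is sent during the
# SSL/TLS handshake, before the encrypted request and its Host: header
# can be read, so the first vhost's certificate is presented for every
# name and clients asking for shop.example.org see a name mismatch.
#
# NameVirtualHost 192.0.2.10:443
# <VirtualHost 192.0.2.10:443>
#     ServerName            www.example.com
#     SSLEngine             on
#     SSLCertificateFile    /etc/apache/ssl/www.example.com.crt
#     SSLCertificateKeyFile /etc/apache/ssl/www.example.com.key
# </VirtualHost>
# <VirtualHost 192.0.2.10:443>
#     ServerName            shop.example.org
#     SSLEngine             on
#     SSLCertificateFile    /etc/apache/ssl/shop.example.org.crt
#     SSLCertificateKeyFile /etc/apache/ssl/shop.example.org.key
# </VirtualHost>

# (2) IP-based layout: one address per certificate.
# The destination IP address is known when the connection is accepted,
# so it can select the vhost (and its key pair) before the handshake.
Listen 192.0.2.10:443
Listen 192.0.2.11:443

<VirtualHost 192.0.2.10:443>
    ServerName            www.example.com
    DocumentRoot          /var/www/www.example.com
    SSLEngine             on
    SSLCertificateFile    /etc/apache/ssl/www.example.com.crt
    SSLCertificateKeyFile /etc/apache/ssl/www.example.com.key
</VirtualHost>

<VirtualHost 192.0.2.11:443>
    ServerName            shop.example.org
    DocumentRoot          /var/www/shop.example.org
    SSLEngine             on
    SSLCertificateFile    /etc/apache/ssl/shop.example.org.crt
    SSLCertificateKeyFile /etc/apache/ssl/shop.example.org.key
</VirtualHost>
```

To confirm which certificate each address presents, connect with `openssl s_client -connect 192.0.2.11:443` and compare the subject of the returned certificate with the hostname that resolves to that address.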
