Hello,
I use Pound as an SSL accelerator and I have a problem with SNI.
In my configuration SNI works only with common names and ignores
alternative names.
For example, I have a configuration like this:

    ListenHTTPS
        Address 0.0.0.0
        Port 443
        Cert "www.aaa.pl.crt"
        Cert "www.bbb.pl.crt"
        CAlist "geotrust.ca"
        VerifyList "geotrust.ca"
        Service
            BackEnd
                Address 127.0.0.1
                Port 80
                Priority 1
            End
        End
    End

and certificates like:

    openssl x509 -in www.aaa.pl.crt -text -noout
        CN=www.aaa.pl
        X509v3 Subject Alternative Name:
            DNS:www.aaa.pl, DNS:aaa.pl

    openssl x509 -in www.bbb.pl.crt -text -noout
        CN=www.bbb.pl
        X509v3 Subject Alternative Name:
            DNS:www.bbb.pl, DNS:bbb.pl

This configuration works fine for:
    www.aaa.pl
    aaa.pl
    www.bbb.pl
but for bbb.pl Pound offers the certificate for www.aaa.pl.
Is it some bug in my configuration, or does Pound not support alternative
names?
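
Added example, not part of the original post and not Pound's code: a constructed Python model of SNI certificate selection using the two certificates and the Cert order from the post. It assumes, as a hypothesis rather than a confirmed description of Pound, a selector that compares the SNI name with the CN only and falls back to the first Cert; under that model aaa.pl looks correct only because the first certificate is the fallback. All function names and the wildcard handling are assumptions of this example.

```python
# Constructed model of SNI certificate selection; not Pound's source code.
from collections import namedtuple

Cert = namedtuple("Cert", "file cn sans")

# The two certificates from the post, in the order of the Cert directives.
CERTS = [
    Cert("www.aaa.pl.crt", "www.aaa.pl", ("www.aaa.pl", "aaa.pl")),
    Cert("www.bbb.pl.crt", "www.bbb.pl", ("www.bbb.pl", "bbb.pl")),
]
HOSTS = ["www.aaa.pl", "aaa.pl", "www.bbb.pl", "bbb.pl"]

def name_matches(pattern, host):
    """Case-insensitive compare; '*' may stand for the left-most label only."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        label, _, rest = h.partition(".")
        return bool(label) and rest == p[2:]
    return p == h

def covers(cert, host):
    """True if a client validating the certificate would accept it for host."""
    names = cert.sans or (cert.cn,)  # SAN, when present, takes precedence over CN
    return any(name_matches(n, host) for n in names)

def select_cn_only(certs, sni):
    """Assumed behaviour: compare SNI with the CN only, else use the first Cert."""
    return next((c for c in certs if name_matches(c.cn, sni)), certs[0])

def select_san_aware(certs, sni):
    """Compare SNI with every name the certificate is valid for."""
    return next((c for c in certs if covers(c, sni)), certs[0])

def mismatches(select, certs=CERTS, hosts=HOSTS):
    """Hosts for which the selected certificate does not cover the name."""
    return [h for h in hosts if not covers(select(certs, h), h)]

if __name__ == "__main__":
    for h in HOSTS:
        c = select_cn_only(CERTS, h)
        print(f"{h:12} -> {c.file:16} {'ok' if covers(c, h) else 'MISMATCH'}")
    print("CN-only mismatches:  ", mismatches(select_cn_only))
    print("SAN-aware mismatches:", mismatches(select_san_aware))
```

Swapping the order of the two entries in CERTS moves the mismatch from bbb.pl to aaa.pl in the CN-only model, which is a quick way to tell a fallback from a real SAN match when testing a live listener.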