Two things:
1. the minimal thing to fix the situation is to return 421 instead of 400. H2
clients will then open a new TLS connection for the request host. I don't know
if this breaks any HTTP/1 clients, however it should not.
2. Given that we answer not matching combinations with 421, the
On Thu, Jun 11, 2015 at 4:33 PM, Stefan Eissing
stefan.eiss...@greenbytes.de wrote:
Two things:
1. the minimal thing to fix the situation is to return 421 instead of 400. H2
clients will then open a new TLS connection for the request host. I don't
know if this breaks any HTTP/1 clients,
Yes, it will work with the cert checks, not without. Sorry, if that was
confusing.
Am 11.06.2015 um 17:56 schrieb Yann Ylavic ylavic@gmail.com:
On Thu, Jun 11, 2015 at 4:33 PM, Stefan Eissing
stefan.eiss...@greenbytes.de wrote:
Two things:
1. the minimal thing to fix the
Today I had the second user which got 400 Bad Request when using mod_h2 with
a wildcard certificate. So, I was thinking how to possibly fix the code in
mod_ssl.
The mostly harmless approach is the addition of a configuration directive that
admins may use to explicitly allow multiple host
On Wed, Jun 10, 2015 at 5:30 PM, Yann Ylavic ylavic@gmail.com wrote:
On Wed, Jun 10, 2015 at 4:41 PM, Stefan Eissing
stefan.eiss...@greenbytes.de wrote:
Today I had the second user which got 400 Bad Request when using mod_h2
with a wildcard certificate. So, I was thinking how to possibly
On Wed, Jun 10, 2015 at 5:48 PM, Yann Ylavic ylavic@gmail.com wrote:
On Wed, Jun 10, 2015 at 5:30 PM, Yann Ylavic ylavic@gmail.com wrote:
On Wed, Jun 10, 2015 at 4:41 PM, Stefan Eissing
stefan.eiss...@greenbytes.de wrote:
Today I had the second user which got 400 Bad Request when using
On Wed, Jun 10, 2015 at 4:41 PM, Stefan Eissing
stefan.eiss...@greenbytes.de wrote:
Today I had the second user which got 400 Bad Request when using mod_h2
with a wildcard certificate. So, I was thinking how to possibly fix the code
in mod_ssl.
The mostly harmless approach is the addition