** Description changed:

  According to http://redmine.lighttpd.net/projects/1/wiki/Docs_SSL it
  should be possible to supply individual pem file per virtual host. And
  it partially works. For example, I have 2 virtual hosts configured:

  $HTTP["host"] =~ "^example1\.org$" {
- ssl.pemfile = "/etc/lighttpd/example1.pem"
- server.document-root = "/www/example1/"
- server.error-handler-404 = "/index.php"
+ ssl.pemfile = "/etc/lighttpd/example1.pem"
+ server.document-root = "/www/example1/"
+ server.error-handler-404 = "/index.php"
  }

  $HTTP["host"] =~ "^example2\.org$" {
- ssl.pemfile = "/etc/lighttpd/example2.pem"
- server.document-root = "/www/example2/"
+ ssl.pemfile = "/etc/lighttpd/example2.pem"
+ server.document-root = "/www/example2/"
  }

  After doing sudo service lighttpd force-reload I can access, for
  example, https://example1.org/ and it will be with proper certificate,
  but if I access https://example2.org/, it will use certificate from
  example1.org. If I force-reload again and access https://example2.org/
  first, it will be fine, but https://example1.org/ will use
  example2.org's certificate.

  So, the problem is that SNI implementation is broken. Instead of picking
  pem file configured per each virtual host, lighttpd picks pem file for
- first accessed virtual host and uses it for every other virtual host for
- which ssl.pemfile is configured. For all other virtual hosts the defaul
- server-wide pem file is used, which is perfectly fine.
+ first accessed virtual host and uses it for every other virtual host.

  ProblemType: Bug
  DistroRelease: Ubuntu 10.04
  Package: lighttpd 1.4.26-1.1ubuntu3.1
  ProcVersionSignature: Ubuntu 2.6.32-55.117-server 2.6.32.61+drm33.26
  Uname: Linux 2.6.32-55-server x86_64
  Architecture: amd64
  Date: Sun Jan 26 16:07:17 2014
  InstallationMedia: Ubuntu-Server 10.04.2 LTS "Lucid Lynx" - Release amd64 (20110211.1)
  ProcEnviron:
- PATH=(custom, no user)
- LANG=en_US.UTF-8
- SHELL=/bin/bash
+ PATH=(custom, no user)
+ LANG=en_US.UTF-8
+ SHELL=/bin/bash
  SourcePackage: lighttpd

--
https://bugs.launchpad.net/bugs/1272891

Title:
  Problem with Server Name Indication (SNI)
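
A check for the symptom described in the report, added here as an example (it is not part of the bug report or of lighttpd): connect once per virtual host with that name as the SNI value and flag names that were handed the same certificate. The function names and the constructed sample fingerprints are assumptions for illustration; the host names are the ones from the report.

```python
import hashlib
import socket
import ssl
from collections import defaultdict


def fetch_fingerprint(address, sni_name, port=443, timeout=5.0):
    """Return the SHA-256 fingerprint of the certificate served for sni_name."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Chain and hostname verification are off on purpose: the check only
    # compares which certificate is presented, and test vhosts are often
    # self-signed. Do not reuse this context for real traffic.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((address, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni_name) as tls:
            der = tls.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()


def find_shared_certs(fingerprints):
    """Return groups of SNI names that were served the identical certificate."""
    groups = defaultdict(list)
    for name, fingerprint in fingerprints.items():
        groups[fingerprint].append(name)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)


def audit(address, names, port=443, fetch=fetch_fingerprint):
    """Probe every name against one server address and report shared certificates.

    `fetch` is injectable so the grouping logic can be exercised offline.
    """
    return find_shared_certs({name: fetch(address, name, port) for name in names})


if __name__ == "__main__":
    # Constructed fingerprints reproducing the reported behaviour: the vhost
    # accessed first (example1.org) has its certificate reused for example2.org.
    constructed = {"example1.org": "aa" * 32, "example2.org": "aa" * 32}
    for group in find_shared_certs(constructed):
        print("same certificate served for:", ", ".join(group))
```

A shared fingerprint is only a finding when the virtual hosts are configured with different pem files; one certificate that legitimately covers several names will also be grouped.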
