Hi,
Im trying to setup a concept with Stunnel as a client and Apache with HTTPS at server side.
My error logs is saying:
AH02032: Hostname 192.168.2.200 provided via SNI and hostname
www.sunet.se provided via HTTP are different
Even if Im using "SSLStrictSNIVHostCheck Off". I've tried in the virtual host directive in the SSL-file and in the httpd.conf file. It seems to be discarding that configuration…
However, if I remove that from "ssl_engine_kernel.c", everything works.
How can I disable this without changing and recompiling ?
Source code:
#ifndef OPENSSL_NO_TLSEXT
if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
char *host, *scope_id;
apr_port_t port;
apr_status_t rv;
/*
* The SNI extension supplied a hostname. So don't accept requests
* with either no hostname or a different hostname.
*/
if (!r->hostname) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, APLOGNO(02031)
"Hostname %s provided via SNI, but no hostname"
" provided in HTTP request", servername);
return HTTP_BAD_REQUEST;
}
rv = apr_parse_addr_port(&host, &scope_id, &port, r->hostname, r->pool);
if (rv != APR_SUCCESS || scope_id) {
return HTTP_BAD_REQUEST;
}
if (strcasecmp(host, servername)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, APLOGNO(02032)
"Hostname %s provided via SNI and hostname %s provided"
" via HTTP are different", servername, host);
return HTTP_BAD_REQUEST;
}
|
Daniel Lilienberg
Architect Connectivity Foundation
|