Re: Virtual Hosts and SSL Puzzler

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "users@xxxxxxxxxxxxxxxx" <users@xxxxxxxxxxxxxxxx>
Subject: Re: Virtual Hosts and SSL Puzzler
From: Yehuda Katz <yehuda@xxxxxxxxxx>
Date: Tue, 22 Oct 2013 10:14:02 -0400
In-reply-to: <52664E90020000B80004A029@aires.com>
Reply-to: users@xxxxxxxxxxxxxxxx

On Tue, Oct 22, 2013 at 10:08 AM, Chris Gordon <CGordon@xxxxxxxxx> wrote:

To answer your questions:

"Doesn't the SSLCertificate parameter for each VH say which cert to use?

Yes, but how does Apache know which VH to get the cert from until it has used a cert to decrypt the SSL? It just used the first cert in this case. IP Bases will get you around this. I said chicken - egg because Apache needs to read a header to know what VH to use but it can't read the header until it picks a vhost and uses the cert to decrypt the message.

As I already pointed out, this is not correct. SNI support has been included in Apache for years as have most browsers (except Windows XP).

- Y

References:
- Virtual Hosts and SSL Puzzler
  - From: Dennis Putnam
- Re: Virtual Hosts and SSL Puzzler
  - From: Chris Gordon
- Re: Virtual Hosts and SSL Puzzler
  - From: Dennis Putnam
- Re: Virtual Hosts and SSL Puzzler
  - From: Chris Gordon

Prev by Date: Re: Virtual Hosts and SSL Puzzler
Next by Date: Re: Virtual Hosts and SSL Puzzler
Previous by thread: Re: Virtual Hosts and SSL Puzzler
Next by thread: Re: Virtual Hosts and SSL Puzzler
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]

Powered by Linux