Re: mod_vhost_alias + ssl

Eric Covener wrote:
On Sat, Mar 7, 2009 at 5:03 PM, pavel.stratil-jun@xxxxxxxx
<pavel.stratil-jun@xxxxxxxx>  wrote:
Hi,

With SNI it is now possible to use more certificates with one ip address.
Unfortunately there's no mod_vhost_alias support (and I'm not aware of a
workaround). So, assuming I use "VirtualDocumentRoot
/var/www/vhosts/%-2.1/%-2.0.%-1.0/htdocs/%-3+/"  to map

example.com -->    /var/www/vhosts/e/example.com/htdocs/_
anything.example.com -->    /var/www/vhosts/e/example.com/htdocs/anything

I'd need

VirtualSSLCertificateFile /var/www/vhosts/%-2.1/%-2.0.%-1.0/ssl.crt
VirtualSSLCertificateKeyFile /var/www/vhosts/%-2.1/%-2.0.%-1.0/ssl.key

or some workaround. Anybody got any ideas? Devs, would this be possible to
implement? Similarly, is there a solution to avoid multiple entries like

<Directory /var/www/vhosts/e/example.com>
php_admin_value open_basedir /tmp:/var/www/vhosts/e/example.com
</Directory>

in a mod_vhost_alias-like way?

Seems like a dead end if you're trying to use different certificates on
the same IP:port combination. There's no SNI support in a released
version of Apache, so the certificate is presented before anything can
see a hostname (Host: header is available after, and nobody's reading
the TLS extension containing the servername)

Well, the patch is out there a long time ... distros package it with Apache so, while it may not be currently a part of Apache's official release yet, I don't think it's a wise thing to wait for the official SNI Apache and then wait even more for an SNI patch to mod_vhost_alias.
Reference: http://people.apache.org/~fuankg/diffs/httpd-2.2.x-sni.diff

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
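
One possible workaround for the question above, as an added example that is not part of the original thread or of Apache: generate one static SNI `<VirtualHost>` block per domain from the same directory layout, so each domain gets its own certificate and `open_basedir`. It assumes an SNI-capable httpd build and a certificate at `ssl.crt` that covers the domain and its subdomains; the helper names `vhost_base` and `render_vhost` are hypothetical.

```python
import re

ROOT = "/var/www/vhosts"  # layout taken from the thread
LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")  # one DNS label

def vhost_base(host, root=ROOT):
    """Return (domain, base_dir, subdir) as the thread's pattern
    /var/www/vhosts/%-2.1/%-2.0.%-1.0/htdocs/%-3+/ would resolve them."""
    labels = host.lower().rstrip(".").split(".")
    # Reject anything that is not a plain DNS label, so "../" or "/" can
    # never reach a generated path or directive.
    if len(labels) < 2 or not all(LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"not a usable hostname: {host!r}")
    domain = ".".join(labels[-2:])          # %-2.0.%-1.0
    base = f"{root}/{domain[0]}/{domain}"   # %-2.1 is the first character
    subdir = ".".join(labels[:-2]) or "_"   # %-3+, "_" when no such part
    return domain, base, subdir

def render_vhost(host, root=ROOT):
    """Emit one name-based SSL vhost with its own certificate and open_basedir."""
    domain, base, _ = vhost_base(host, root)
    return "\n".join([
        "<VirtualHost *:443>",
        f"    ServerName {domain}",
        f"    ServerAlias *.{domain}",
        "    SSLEngine on",
        f"    SSLCertificateFile {base}/ssl.crt",
        f"    SSLCertificateKeyFile {base}/ssl.key",
        # Subdomains still resolve dynamically inside the static vhost.
        f"    VirtualDocumentRoot {root}/%-2.1/%-2.0.%-1.0/htdocs/%-3+/",
        f"    <Directory {base}>",
        f"        php_admin_value open_basedir /tmp:{base}",
        "    </Directory>",
        "</VirtualHost>",
    ])

if __name__ == "__main__":
    # Constructed sample input; in practice the list would come from the
    # directories under ROOT.
    for name in ["example.com", "example.org"]:
        print(render_vhost(name), end="\n\n")
```

The output can be written to a file pulled in with `Include` and regenerated whenever a domain directory is added, followed by a graceful restart.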

