Re: ssl certifikate mismatch

[Kevin Castellow <kev.castellow@xxxxxxxxx>]

>From my experience the configuration file is a top down processing.  If you repeat a setting multiple times it will usually take the last setting.
In this example it wouldn't surprise me if you repeat the setting of virtual server with the same value, it returns an error trying to match the certificate name on the second certificate.

If the virtual server name is not used the reverse DNS lookup finds the appropriate name equivalent to the ip address.

Kevin
http://kevincastellow.workintel.com

On Fri, May 14, 2010 at 4:51 PM, Reinhard Vicinus <r.vicinus@xxxxxxxxxxx> wrote:

Hi,

is the following behaviour of apache 2.2.15 (debian unstable) a feature or a bug?

Listen 10.0.0.1:81
<VirtualHost 10.0.0.1:81>
 SSLEngine on
 SSLCertificateFile /etc/apache2/conf/aaa.crt
 SSLCertificateKeyFile /etc/apache2/conf/aaa.key

 ServerName aaa
</VirtualHost>

Listen 10.0.0.2:81
<VirtualHost 10.0.0.2:81>
 SSLEngine on
 SSLCertificateFile /etc/apache2/conf/bbb.crt
 SSLCertificateKeyFile /etc/apache2/conf/bbb.key

 ServerName aaa
</VirtualHost>


> curl https://bbb:81
 SSL: certificate subject name 'aaa' does not match target host name 'bbb'

> curl https://10.0.0.2:81
 SSL: certificate subject name 'aaa' does not match target host name '10.0.0.2'

if i remove or change the ServerName directive so that they differ then it works as expected and certificate bbb is returned. If i switch the order of the virtual host configuration certificate bbb is also used if i query 10.0.0.1:81.

Thanks in advance
Reinhard

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
 "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx