> My problem ist that SNI breaks my in older apaches working configuration > which looked like this: > > Listen 10.137.1.104:9901 > <VirtualHost 10.137.1.104:9901> > SSLEngine on > SSLCertificateFile /etc/apache2/conf/www.aaa.at.crt > SSLCertificateKeyFile /etc/apache2/conf/www.aaa.at.key > Include conf/www.aaa.misc > </VirtualHost> > > Listen 10.137.1.104:9902 > <VirtualHost 10.137.1.104:9902> > SSLEngine on > SSLCertificateFile /etc/apache2/conf/www.aaa.de.crt > SSLCertificateKeyFile /etc/apache2/conf/www.aaa.de.key > Include conf/www.aaa.misc > </VirtualHost> > > Listen 10.137.1.104:9903 > NameVirtualHost 10.137.1.104:9903 > <VirtualHost 10.137.1.104:9903> > Include conf/www.aaa.misc > </VirtualHost> > > www.aaa.misc: > ServerName www.aaa.de > ServerAlias www.aaa.at > > In my opinion SNI misuses the ServerName/ServerAlias directives, because in > the documentation it is clearly stated: "Unless a NameVirtualHost directive > is used for the exact IP address and port pair in the VirtualHost directive, > Apache selects the best match only on the basis of the IP address (or > wildcard) and port number." > (http://httpd.apache.org/docs/2.2/vhosts/details.html) and therefore it's a > bug. What's the full apachectl -S look like on that config? What was the local host:port the connection was on? What SNI hostname was sent? What certificate was selected? Which certificate do you expect to be selected, and why? -- Eric Covener covener@xxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|