On Wed, Dec 8, 2010 at 11:13 AM, <breg@xxxxxxxx> wrote:
>
> Just to make it clear:
> What I perceived as a .. quirky behaviour of apache was that it did _not_
> throw an error when https://not-ssl-configured-domain.xx is requested.
> How to run several https domains with one IP was not my challenge.
>
> / Bernd
>
>

Until the incoming request has been received and decrypted, apache has
no clue that the domain requested was 'not-ssl-configured-domain.xx'.
That's kind of the point of SSL.

In order to decrypt the request, apache must handshake with the
client, passing certificates to the client indicating what the host
is. This happens before the client sends any information about the
request. Apache determines which vhost to use to send certificates
from based on the ip:port, since no other information is available.

Because of this, if you have two hosts, www.hosta.com and
www.hostb.com, that resolve to the same IP address, and configure SSL
for www.hosta.com, then requesting www.hostb.com via SSL will connect
and handshake using certificates from www.hosta.com and serve data
from the www.hosta.com vhost.

It's not quirky, it's a direct consequence of how things work, and
without changing how SSL works it will always work that way.

Cheers

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
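
Added example, not part of the thread or of the Apache project's own configuration: one way to get the error Bernd expected, given the behaviour Tom describes. The handshake still presents the www.hosta.com certificate, but once the request is decrypted the Host header is available and the vhost can refuse names it was not configured for. The certificate paths are placeholders and mod_rewrite is assumed to be loaded.

```apache
# The only SSL vhost on this ip:port, so every HTTPS connection to the
# address lands here, whatever name the client used (as described above).
<VirtualHost *:443>
    ServerName www.hosta.com

    SSLEngine on
    # Placeholder paths (assumption): substitute the real certificate and key.
    SSLCertificateFile    /path/to/www.hosta.com.crt
    SSLCertificateKeyFile /path/to/www.hosta.com.key

    # The handshake has already completed with the certificate above.
    # Only now, after decryption, is the Host header known, so this is the
    # earliest point at which the requested name can be checked.
    RewriteEngine On
    RewriteCond %{HTTP_HOST} !^www\.hosta\.com(:443)?$ [NC]
    # Any other name, or a missing Host header, gets 403 Forbidden
    # instead of content from the www.hosta.com site.
    RewriteRule ^ - [F]

    DocumentRoot /path/to/hosta/htdocs
</VirtualHost>
```

A client requesting https://www.hostb.com/ will still be shown the www.hosta.com certificate and should report a name mismatch before sending anything; the 403 is only seen by clients that continue past that warning.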