Github user jacksontj commented on the pull request:
https://github.com/apache/trafficserver/pull/121#issuecomment-56850369
Correct, and I'm just trying to say that if you have non sni clients its
first match wins (which it says). The second part is that the same
functionality is in reverse for * scopes (last match wins) for non sni
clients
On Sep 25, 2014 10:03 AM, "James Peach" <notificati...@github.com> wrote:
> There's no such thing as a fallback; it's probably confusing to think of
> it in those terms. We index the certificate in order. In the case of name
> or address collisions, first certificate into the index is the winner. At
> lookup time, we search by SNI name, then by address. We always take the
> longs match, so an explicit name mapping beats a wildcard, and an
> address:port mapping beats an address mapping.
>
>
>
https://trafficserver.readthedocs.org/en/latest/reference/configuration/ssl_multicert.config.en.html#certificate-selection
>
> â
> Reply to this email directly or view it on GitHub
> <https://github.com/apache/trafficserver/pull/121#issuecomment-56849830>.
>
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
