On 2015-03-14 19:39, Hugo Osvaldo Barrera wrote: > On 2015-03-14 23:34, Peter Hessler wrote: > > httpd does not yet support SNI. You will need to either wait, use a > > wildcard SSL cert, or use different ports/IPs. > > > > > > Oh, I hadn't checked that for SNI. I'll have to wait then; multiple IPv4 > addresses are expensive, and CAs will charge for wildcard certs. :( > > Is SNI on the roadmap already? >
Oh, never mind, I found it: https://github.com/reyk/httpd/issues/17 Sorry for the noise. Cheers! > Thanks, > > > On 2015 Mar 14 (Sat) at 19:26:31 -0300 (-0300), Hugo Osvaldo Barrera wrote: > > :Hi, > > : > > :I've only just recently started moving from nginx to httpd (I *loved* the > > :config syntax by the way!). > > : > > :I'm having an issue with httpd presenting the wrong TLS certificate for a > > :client - it seems to be defaulting always to the first entry, ignoring all > > :laters ones. > > : > > :Here's my narrowed down test config: > > : > > : server "hugo.barrera.io" { > > : alias "barrera.io" > > : listen on * tls port 1443 > > : root "/sites/hugo.barrera.io" > > : tls certificate "/var/www/tls/hugo.barrera.io/chain.crt" > > : tls key "/var/www/tls/hugo.barrera.io/ssl.key" > > : } > > : > > : server "calendar.barrera.io" { > > : listen on * tls port 1443 > > : root "/sites/calendar.barrera.io" > > : tls certificate "/var/www/tls/calendar.barrera.io/chain.crt" > > : tls key "/var/www/tls/calendar.barrera.io/ssl.key" > > : } > > : > > :On both scenarios, httpd is presenting the TLS certificate for > > :hugo.barrera.io. > > : > > :Any hints? Did I do something wrong? Did I hit a bug? > > : > > :Thanks, > > : > > :-- > > :Hugo Osvaldo Barrera > > :A: Because we read from top to bottom, left to right. > > :Q: Why should I start my reply below the quoted text? > > : > > :[demime 1.01d removed an attachment of type application/pgp-signature which > had a name of signature.asc] > > : > > > > -- > > Harrisberger's Fourth Law of the Lab: > > Experience is directly proportional to the amount of equipment > > ruined. > > -- > Hugo Osvaldo Barrera > A: Because we read from top to bottom, left to right. > Q: Why should I start my reply below the quoted text? > > [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] > -- Hugo Osvaldo Barrera A: Because we read from top to bottom, left to right. Q: Why should I start my reply below the quoted text? [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
