On Wed, August 19, 2020 3:33 am, Hisacro Root wrote:
> On Tue, Aug 18, 2020 at 09:28:18PM -0400, trondd wrote:
>> The bug here is in how additional listen lines interact with the
>> remaining configuration. The first listen line in a server block gets
>> the tls block and it doesn't get applied to the second listen line.
>> Except for certs and keys which are handled differently for SNI.
>
> I rechecked, you're right. In TLS block except for key & certificate,
> sub domain server (or the server defined at last) inherits config from
> previously defined one (in example config, main server).
>
> Is it worthy of a bug or could be confusion on configs?
>

Yeah. I would. It's confusing. Clearly there is an inconsistency in tls parameter handling when there is both a new ip/port and an SNI host defined in the same server block. I'm not a C programmer so deciphering what's going on would take me a while.