On Fri, May 14, 2010 at 4:51 PM, Reinhard Vicinus <r.vici...@metaways.de> wrote:
> Hi,
>
> Is the following behaviour of Apache 2.2.15 (Debian unstable) a feature or a
> bug?
>
> Listen 10.0.0.1:81
> <VirtualHost 10.0.0.1:81>
>  SSLEngine on
>  SSLCertificateFile /etc/apache2/conf/aaa.crt
>  SSLCertificateKeyFile /etc/apache2/conf/aaa.key
>
>  ServerName aaa
> </VirtualHost>
>
> Listen 10.0.0.2:81
> <VirtualHost 10.0.0.2:81>
>  SSLEngine on
>  SSLCertificateFile /etc/apache2/conf/bbb.crt
>  SSLCertificateKeyFile /etc/apache2/conf/bbb.key
>
>  ServerName aaa
> </VirtualHost>
>
>
>> curl https://bbb:81
>  SSL: certificate subject name 'aaa' does not match target host name 'bbb'
>
>> curl https://10.0.0.2:81
>  SSL: certificate subject name 'aaa' does not match target host name
> '10.0.0.2'
>
> If I remove or change the ServerName directive so that they differ, then it
> works as expected and certificate bbb is returned. If I switch the order of
> the virtual host configuration, certificate bbb is also used if I query
> 10.0.0.1:81.
>

SNI finds the right name-based vhost based on the normal name-based
mechanisms (ServerName/ServerAlias), then uses the cert it finds there
-- it doesn't find the right vhost by looking at your certificates.

-- 
Eric Covener
cove...@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
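
A lint check for the situation discussed in this thread, added here as an example and not code from either poster or from the Apache project: it flags SSL vhosts that claim the same ServerName/ServerAlias while pointing at different certificates. The function names are hypothetical, the sample is constructed from the quoted configuration, and the parser is simplified (it does not follow Include directives or handle nested sections).

```python
import re
from collections import defaultdict

# Constructed sample, based on the configuration quoted in the thread.
SAMPLE_CONF = """\
Listen 10.0.0.1:81
<VirtualHost 10.0.0.1:81>
 SSLEngine on
 SSLCertificateFile /etc/apache2/conf/aaa.crt
 SSLCertificateKeyFile /etc/apache2/conf/aaa.key
 ServerName aaa
</VirtualHost>
Listen 10.0.0.2:81
<VirtualHost 10.0.0.2:81>
 SSLEngine on
 SSLCertificateFile /etc/apache2/conf/bbb.crt
 SSLCertificateKeyFile /etc/apache2/conf/bbb.key
 ServerName aaa
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the first argument of the last occurrence of a directive, or None."""
    hits = re.findall(rf"^[ \t]*{name}[ \t]+(\S+)", body, re.M | re.I)
    return hits[-1].strip('"') if hits else None

def parse_ssl_vhosts(conf):
    """Yield (address, names, certificate path) for each vhost with SSLEngine on."""
    for addr, body in VHOST_RE.findall(conf):
        body = re.sub(r"^\s*#.*$", "", body, flags=re.M)  # drop comment lines
        if (directive(body, "SSLEngine") or "").lower() != "on":
            continue
        names = set()
        for args in re.findall(r"^[ \t]*Server(?:Name|Alias)[ \t]+(.+)$", body, re.M | re.I):
            names.update(a.lower() for a in args.split())
        yield addr.strip(), names, directive(body, "SSLCertificateFile")

def find_name_collisions(conf):
    """Map each name shared by SSL vhosts with different certificates to (address, cert) pairs."""
    by_name = defaultdict(list)
    for addr, names, cert in parse_ssl_vhosts(conf):
        for name in names:
            by_name[name].append((addr, cert))
    return {n: v for n, v in by_name.items() if len({c for _, c in v}) > 1}

if __name__ == "__main__":
    for name, hosts in find_name_collisions(SAMPLE_CONF).items():
        print(f"ServerName {name!r} is shared by vhosts with different certificates: {hosts}")
```
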
