You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2013/05/22 08:47:44 UTC

[Bug 54656] SNI and SSLProxyCheckPeerCN based on "connection" instead of "request" hostname

https://issues.apache.org/bugzilla/show_bug.cgi?id=54656

EugeneL <eu...@amazon.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO

--- Comment #2 from EugeneL <eu...@amazon.com> ---
Discussions on dev@httpd.apache.org last month suggests that backend webservers
behind reverse proxies should be obeying HTTP standards by always returning
certs that has a CN equal to the Host: header.

A next action should be to correct the ProxyPreserveHost documentation to warn
users against this new default behavior in 2.4

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org