You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2020/08/28 15:52:02 UTC

[Bug 60969] HTTP/2 & Certificate path can lead to 421

https://bz.apache.org/bugzilla/show_bug.cgi?id=60969

--- Comment #2 from jaroslav@thinline.cz ---
Also got hit by this. 

The most likely culprit is ssl_pk_server_compatible() in
modules/ssl/ssl_engine_kernel.c - it checks for compatibility between vhosts by
comparing certificate file name instead of certificate itself.

That leads to a situation where browser correctly decides (based on information
available to it, namely subject alternative names) that it can reuse existing
connection, but Apache disagrees and returns error 421.

(Some browsers try again as allowed by rfc7540 9.1.2, but some don't and show
the error to the user.)

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org