You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2009/05/19 22:41:14 UTC
DO NOT REPLY [Bug 41537] name-based virtual hosts using SSL
https://issues.apache.org/bugzilla/show_bug.cgi?id=41537
David Miller <ju...@mozilla.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |justdave@mozilla.com
--- Comment #8 from David Miller <ju...@mozilla.com> 2009-05-19 13:41:11 PST ---
How about a configuration option to disable the warning? Due to the
complexities of how it's set up, as you noted, it frequently gets
misconfigured. As such, it makes sense to warn by default, to at least get you
to look it over. But when you *do* have it configured correctly, it's pretty
annoying to continually get error messages in your logs complaining that your
setup is broken, when it really isn't. This type of situation is increasingly
common in modern setups, and there are almost no browsers left in common usage
that *don't* support both wildcard certs and subjectAltName.
On a server with an OV SSL wildcard cert:
>[Tue May 19 13:30:49 2009] [warn] RSA server certificate CommonName (CN) `*.mozilla.org' does NOT match server name!?
>[Tue May 19 13:30:49 2009] [warn] Init: SSL server IP/port conflict: foo.mozilla.org:443 (/etc/httpd/conf/domains/foo.conf:17) vs. bar.mozilla.org:443 (/etc/httpd/conf/domains/bar.conf:11)
>[Tue May 19 13:30:49 2009] [warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org