Posted to users@httpd.apache.org by Hajo Locke <ha...@gmx.de> on 2011/02/21 10:09:14 UTC
[users@httpd] Re: ssl-vhost-mixing issue
Hello,
>> Apache 2.2.14
>> Hello List,
>> have a question to ssl and two vhosts.
>> i have 2 ip-based vhosts for enabling ssl for one domain in httpd.conf
>> <VirtualHost ip1.ip1.ip1.ip1:443>
>> Servername example.com
>> SSLCertificateFile crt1
>> </VirtualHost>
>> <VirtualHost ip2.ip2.ip2.ip2:443>
>> Servername example.com
>> SSLCertificateFile crt2
>> </VirtualHost>
>> document-root and Servername for the two vhosts are identical. I do this to
>> switch the domain to a new ip and new certificate at the same time without
>> downtime by DNS.
>> ip1 and crt1 are the new ones.
>> Now I can view an odd behaviour.
>> I call https://example.com which is pointing still to old ip2 and old
>> certificate crt2. Now I view details of certificate in browser and wonder
>> that I can see details of crt1, but crt1 belongs to the other vhost with
>> other ip.
>> Seems that always the crt from the first vhost with same servername is
>> loaded. If I turn around order of the both vhosts and ip2 comes before ip1
>> in httpd.conf then all is ok and details of crt2 are displayed.
>> Is this an expected behaviour? Seems to me that Apache is mixing some VHost
>> Params in this Case. Bug or expected?
Nobody has an opinion about this issue? I think this is critical. Either a
bug in Apache or a bug in my conf. My conf seems clean, I cannot solve this.
It should be impossible that Apache is mixing vhost-special directives. I
can reproduce this on demand.
Hajo
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: ssl-vhost-mixing issue
Posted by Eric Covener <co...@gmail.com>.
> Nobody has an opinion about this issue? I think this is critical. Either a
> bug in Apache or a bug in my conf. My conf seems clean, I cannot solve this.
> It should be impossible that Apache is mixing vhost-special directives. I
> can reproduce this on demand.
It's hard to tell which IP-based vhost you should have hit, or did
hit, since you didn't specify which IP you connected to and you didn't
log separately or show _all_ of your vhosts.
Re: [users@httpd] Re: ssl-vhost-mixing issue
Posted by Hajo Locke <ha...@gmx.de>.
>
> See https://issues.apache.org/bugzilla/show_bug.cgi?id=43218#c5
>
> It will work if you use a different ServerName (even varying the port
> would fix it) in the vhost with a different cert.
>
> Regards, Joe
Ahh, a bug.
Changing port to non-standard would solve this problem but cause others...
I did some scripting and am now writing the vhost with the active IP always as first
one in conf.
This solves this problem for me...
Thanks,
Hajo
Re: [users@httpd] Re: ssl-vhost-mixing issue
Posted by Joe Orton <jo...@redhat.com>.
On Mon, Feb 21, 2011 at 10:09:14AM +0100, Hajo Locke wrote:
> >><VirtualHost ip1.ip1.ip1.ip1:443>
> >> Servername example.com
> >> SSLCertificateFile crt1
> >></VirtualHost>
>
> >><VirtualHost ip2.ip2.ip2.ip2:443>
> >> Servername example.com
> >> SSLCertificateFile crt2
> >></VirtualHost>
See https://issues.apache.org/bugzilla/show_bug.cgi?id=43218#c5
It will work if you use a different ServerName (even varying the port
would fix it) in the vhost with a different cert.
Regards, Joe
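A configuration check for the condition discussed in this thread, as an added example that is not part of the original messages or of Apache httpd: it flags VirtualHost blocks that share a ServerName and port but name different SSLCertificateFile values. Treating "ServerName plus port" as the colliding identity is an assumption drawn from the reply above, and the sample configuration is constructed from the vhosts quoted in the thread (the ip3 vhost is an added placeholder).

```python
import re
from collections import defaultdict

# Constructed sample: the two vhosts from the thread plus one unrelated vhost.
SAMPLE_CONF = """\
<VirtualHost ip1.ip1.ip1.ip1:443>
  Servername example.com
  SSLCertificateFile crt1
</VirtualHost>
<VirtualHost ip2.ip2.ip2.ip2:443>
  Servername example.com
  SSLCertificateFile crt2
</VirtualHost>
<VirtualHost ip3.ip3.ip3.ip3:443>
  ServerName other.example
  SSLCertificateFile crt3
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

def directive(body, name):
    """Return the first argument of a directive inside a vhost body, or None."""
    m = re.search(rf"^\s*{name}\s+(\S+)", body, re.I | re.M)
    return m.group(1).strip('"') if m else None

def vhost_id(addr, body):
    """Assumed identity: ServerName plus port (from ServerName, else the vhost address)."""
    name = directive(body, "ServerName")
    if name is None:
        return None
    name = name.lower()
    if re.search(r":\d+$", name):  # ServerName already carries an explicit port
        return name
    port = addr.split()[0].rsplit(":", 1)[-1]
    return f"{name}:{port}" if port.isdigit() else name

def find_cert_collisions(conf):
    """Map each vhost id to its (address, cert) pairs when the certs differ."""
    groups = defaultdict(list)
    for addr, body in VHOST_RE.findall(conf):
        cert = directive(body, "SSLCertificateFile")
        vid = vhost_id(addr, body)
        if vid and cert:
            groups[vid].append((addr.strip(), cert))
    return {vid: hosts for vid, hosts in groups.items()
            if len({cert for _, cert in hosts}) > 1}

if __name__ == "__main__":
    print(find_cert_collisions(SAMPLE_CONF))
```

Running it against a real httpd.conf before a certificate or IP migration shows which vhost pairs need a distinct ServerName or port, or the ordering workaround described in the thread.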
Re: [users@httpd] Re: ssl-vhost-mixing issue
Posted by Krist van Besien <kr...@gmail.com>.
On Mon, Feb 21, 2011 at 10:09 AM, Hajo Locke <ha...@gmx.de> wrote:
>
> Nobody has an opinion about this issue? I think this is critical. Either a
> bug in Apache or a bug in my conf. My conf seems clean, I cannot solve this.
> It should be impossible that Apache is mixing vhost-special directives. I
> can reproduce this on demand.
You don't have a NameVirtualHost directive?
What happens if you enter https://ip2.ip2.ip2.ip2 in your browser?
Krist
--
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?