[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug 61081] per-domain SNI (to override per-vhost SNI)


--- Comment #2 from felipe@xxxxxxxxxxxxxxxx ---
(In reply to Eric Covener from comment #1)
> (In reply to felipe from comment #0)
> > Currently there is no way to associate an SSL certificate with a specific
> > FQDN unless that FQDN is the only one on its virtual host.
> Is this true? The code looks like it scans ServerAlias entries
> (ssl_util_vhost_matches) to use the SNI name to map to an SSL vhost config.

This associates the certificate with the vhost, not with an individual FQDN. So
all FQDNs on the vhost have to share a single certificate.

What I’m proposing is a means to decouple the vhost logic from SNI matching: if
there’s a matching NameBasedSNI entry for the cert/key, then use that;
otherwise, do business as usual.

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail: bugs-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: bugs-help@xxxxxxxxxxxxxxxx