osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

minor nit in mod_ssl


Just a quick question, if we can reach consensus here:

mod_ssl/ssl_engine.kernel.c, 353: logs ERR (APLOGNO(02033)) when strict_sni_vhost_check is enabled and a request comes in without SNI. 

Question: is a downgrade from ERR to INFO/DEBUG backportable or do we consider this a break of compatibility?


Rationale: This is annoying me in my logs where I scan for errors daily. While I can filter this out, I'd rather have the server behave better by default. The requests at my server are done by scanners, who monitor responses on port 443. Nothing I can do about and they will not go away.

Cheers,

Stefan