mod_gnutls: NameVirtualHost gets wrong Cert

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Oct 15 22:04:12 CEST 2008


On Wed 2008-10-15 04:59:39 -0400, Sebastien Decugis wrote:

> According to your configuration file, you are using two virtualhosts
> with the same IP address and different names. It is impossible to
> use https in this configuration.

This is no longer the case with modern TLS clients, and the poster has
a legitimate question.  For example, for years now people have been
able to use a single certificate with a single TLS service (on a
single port of a single IP address) with all target names listed in an
X.509v3 SubjectAltName extension in the certificate itself.

But the OP is asking about being able to switch certificates based on
the host name, which is a TLS extension known as "Server Name
Indication".  Please see:

  http://tools.ietf.org/html/rfc4366#section-3.1

The question is very much relevant to gnutls, since mod_gnutls is one
of the first Apache modules to implement support for this extension.

Sorry I don't have any answers myself!

   --dkg
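
Added example, not part of the original message and not mod_gnutls code: a server can only switch certificates by host name if it reads the server_name extension (RFC 4366 section 3.1) out of the ClientHello before choosing one. The sketch below does that parse and lookup; the vhost names, certificate file names and all function names are hypothetical, and the ClientHello bytes are constructed, not captured.

```python
SNI_EXT, HOST_NAME = 0, 0   # extension type server_name, NameType host_name (RFC 4366 3.1)
CERTS = {"a.example": "a.pem", "b.example": "b.pem"}   # hypothetical vhost -> cert map

def _vec(buf, off, n_len):
    """Read a vector with an n_len-byte length prefix; return (body, next offset)."""
    start = off + n_len
    end = start + int.from_bytes(buf[off:start], "big")
    if start > len(buf) or end > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[start:end], end

def sni_from_client_hello(record):
    """Return the host_name a client sent in its ClientHello, or None if it sent none."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    body, _ = _vec(record, 3, 2)              # record payload
    if body[:1] != b"\x01":
        raise ValueError("not a ClientHello")
    hello, _ = _vec(body, 1, 3)               # handshake body
    _, off = _vec(hello, 34, 1)               # skip version + random, then session_id
    _, off = _vec(hello, off, 2)              # cipher_suites
    _, off = _vec(hello, off, 1)              # compression_methods
    exts = _vec(hello, off, 2)[0] if off < len(hello) else b""   # old clients send none
    off = 0
    while off < len(exts):
        ext_type = int.from_bytes(exts[off:off + 2], "big")
        data, off = _vec(exts, off + 2, 2)
        if ext_type != SNI_EXT:
            continue
        names, pos = _vec(data, 0, 2)[0], 0   # ServerNameList
        while pos < len(names):
            name_type = names[pos]
            name, pos = _vec(names, pos + 1, 2)
            if name_type == HOST_NAME:
                return name.decode("ascii").lower()
    return None

def pick_cert(record, default="a.pem"):
    """Choose the certificate for a connection; no SNI or an unknown name gets the default."""
    return CERTS.get(sni_from_client_hello(record), default)

def _prefixed(body, n_len):
    return len(body).to_bytes(n_len, "big") + body

def build_client_hello(host=None):
    """Constructed sample record (zero random, one cipher suite); host=None omits SNI."""
    name = _prefixed(b"\x00" + _prefixed((host or "").encode("ascii"), 2), 2)
    ext = b"\x00\x00" + _prefixed(name, 2) if host else b""
    hello = b"\x03\x01" + bytes(33) + b"\x00\x02\x00\x2f\x01\x00" + _prefixed(ext, 2)
    return b"\x16\x03\x01" + _prefixed(b"\x01" + _prefixed(hello, 3), 2)
```

A client that sends no server_name falls through to the default certificate, which is why the first-listed virtual host's certificate is what such clients see.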