[Help-gnutls] Re: Unknown type '0' for SNI: 'foo.domain.bar'
Simon Josefsson
simon at josefsson.org
Mon Aug 20 23:30:40 CEST 2007
FYI, I cc'ed the list. Please keep the cc, it may help others with the
same problem in the future.

"jesse keys" <jessekeys at googlemail.com> writes:

> Thanks for your reply,
> here we go with some background information:
>
> 2.6.20-cks1-r1 on a gentoo x86_64 box, 3700+, 2GB RAM
>
> Apache: 2.2.4
>> ldap ssl -debug -doc -mpm-event -mpm-itk -mpm-peruser -mpm-prefork -mpm-worker -no-suexec (-selinux) -static-modules -threads
>
> Gnutls: 1.6.3
>> zlib -doc -nls
>
> mod_gnutls 0.2.0
>> ssl
>
> I start apache with:
> -D SUEXEC -D PHP5 -D USERDIR -D INFO -D GNUTLS
>
> and the vhosts look like that:
>
>
> <IfDefine GNUTLS>
> <VirtualHost ip:443>
> ServerName foo.bar.com
> DocumentRoot "/var/www/localhost/htdocs/foo"
>
> <Directory "/var/www/localhost/htdocs/foo">
> Options FollowSymLinks -SymLinksIfOwnerMatch Indexes
> Order allow,deny
> Allow from all
> AllowOverride All
> </Directory>
>
> <IfDefine SUEXEC>
> SuexecUserGroup apache apache
> </IfDefine>
>
> CustomLog /var/log/apache2/foo_log combined
>
> GnuTLSEnable on
> GnuTLSCertificateFile /etc/apache2/ssl/server.crt
> GnuTLSKeyFile /etc/apache2/ssl/server.key
>
> </VirtualHost>
> </IfDefine>
>
>
> I even found this piece of code in the source
>
>     if (sni_type != GNUTLS_NAME_DNS) {
>         ap_log_error(APLOG_MARK, APLOG_CRIT, 0,
>                      ctxt->c->base_server,
>                      "GnuTLS: Unknown type '%d' for SNI: " "'%s'", sni_type, sni_name);
>         return NULL;
>     }
>
> but can't figure out what it means or how I could fix it.

Try changing the first line into:

    if ((sni_type + 1) != GNUTLS_NAME_DNS) {

and recompile mod_gnutls. That should make it work.

I don't understand how anyone could get the current code to work
though. If someone is actually successfully using mod_gnutls with SNI,
it would help if s/he could test whether the patch in my last e-mail
breaks anything.

/Simon
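
An added illustration, not code from mod_gnutls, GnuTLS, or either poster: the TLS server_name extension (RFC 4366, later RFC 6066) encodes the host_name type as 0 on the wire, while GnuTLS's GNUTLS_NAME_DNS enum value is 1, so a comparison like the one quoted above fails if it is handed the raw wire byte. The bounds-checked parser below shows the translation step; sni_first_name, the API_NAME_* names and the sample bytes are constructed for this example, and treating the logged '0' as the raw wire value is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Wire value from the TLS extensions RFC: NameType host_name(0). */
#define WIRE_HOST_NAME 0
/* Hypothetical API-side enum; it mirrors GnuTLS, where GNUTLS_NAME_DNS is 1. */
enum api_name_type { API_NAME_UNKNOWN = -1, API_NAME_DNS = 1 };

/* Constructed sample: server_name extension data for "foo.domain.bar". */
static const uint8_t sample_sni[] = {
    0x00, 0x11,                 /* ServerNameList length = 17 */
    0x00,                       /* name_type = host_name(0)   */
    0x00, 0x0e,                 /* HostName length = 14       */
    'f','o','o','.','d','o','m','a','i','n','.','b','a','r'
};

/* Parse the first list entry. Stores the raw wire type in *wire_type and
 * returns the translated API type, or API_NAME_UNKNOWN for malformed input
 * or an unsupported type. On success 'out' holds a NUL-terminated name. */
static int sni_first_name(const uint8_t *ext, size_t ext_len,
                          char *out, size_t out_len, int *wire_type)
{
    if (ext_len < 5) return API_NAME_UNKNOWN;          /* list len + type + name len */
    size_t list_len = ((size_t)ext[0] << 8) | ext[1];
    if (list_len != ext_len - 2) return API_NAME_UNKNOWN;
    *wire_type = ext[2];
    size_t name_len = ((size_t)ext[3] << 8) | ext[4];
    if (name_len == 0 || name_len > list_len - 3 || name_len >= out_len)
        return API_NAME_UNKNOWN;                       /* would read or write out of bounds */
    if (memchr(ext + 5, 0, name_len)) return API_NAME_UNKNOWN; /* embedded NUL */
    memcpy(out, ext + 5, name_len);
    out[name_len] = '\0';
    /* Translate wire value to API value instead of comparing them directly. */
    return *wire_type == WIRE_HOST_NAME ? API_NAME_DNS : API_NAME_UNKNOWN;
}

int main(void)
{
    char name[256];
    int wire = -1;
    int api = sni_first_name(sample_sni, sizeof sample_sni, name, sizeof name, &wire);
    printf("wire type %d, API type %d, name %s\n",
           wire, api, api == API_NAME_DNS ? name : "(rejected)");
    return api == API_NAME_DNS ? 0 : 1;
}
```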