Re: mod_gnutls: NameVirtualHost gets wrong Cert
From: Daniel Kahn Gillmor
Subject: Re: mod_gnutls: NameVirtualHost gets wrong Cert
Date: Wed, 15 Oct 2008 16:04:12 -0400
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux)

On Wed 2008-10-15 04:59:39 -0400, Sebastien Decugis wrote:

> According to your configuration file, you are using two virtualhosts
> with the same IP address and different names. It is impossible to
> use https in this configuration.

This is no longer the case with modern TLS clients, and the poster has
a legitimate question. For example, for years now people have been
able to use a single certificate with a single TLS service (on a
single port of a single IP address) with all target names listed in an
X.509v3 SubjectAltName extension in the certificate itself.

But the OP is asking about being able to switch certificates based on
the host name, which is a TLS extension known as "Server Name
Indication". Please see:

http://tools.ietf.org/html/rfc4366#section-3.1

The question is very much relevant to gnutls, since mod_gnutls is one
of the first apache modules to implement support for this extension.

Sorry I don't have any answers myself!

--dkg
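
The certificate switching by host name that the message describes, as an added example that is not part of the original message and is not mod_gnutls code: it parses the server_name extension (RFC 4366 section 3.1) out of a ClientHello handshake message and selects a certificate, falling back to a default when the client sends no name. The host names, file paths and the sample ClientHello builder are constructed assumptions.

```python
import struct

# Constructed names and paths (assumptions, not from the original post).
VHOST_CERTS = {"a.example.org": "/etc/ssl/a.pem", "b.example.org": "/etc/ssl/b.pem"}
DEFAULT_CERT = "/etc/ssl/default.pem"

def build_client_hello(hostname=None):
    """Constructed sample input: a minimal ClientHello handshake message."""
    # version, random, empty session_id, one cipher suite, null compression
    body = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    if hostname is not None:
        name = hostname.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry            # ServerNameList
        ext = struct.pack("!HH", 0, len(sni)) + sni            # extension 0 = server_name
        body += struct.pack("!H", len(ext)) + ext
    return b"\x01" + len(body).to_bytes(3, "big") + body

def extract_sni(hello):
    """Return the host_name in a ClientHello, or None if absent or malformed."""
    try:
        if hello[0] != 1:                                     # not a ClientHello
            return None
        pos = 4 + 2 + 32                                      # header, version, random
        pos += 1 + hello[pos]                                 # session_id
        pos += 2 + int.from_bytes(hello[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + hello[pos]                                 # compression_methods
        end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= min(end, len(hello)):
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            data = hello[pos + 4:pos + 4 + elen]
            if etype == 0 and len(data) == elen and elen >= 5 and data[2] == 0:
                nlen = int.from_bytes(data[3:5], "big")
                name = data[5:5 + nlen]
                return name.decode("ascii").lower() if len(name) == nlen else None
            pos += 4 + elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass
    return None

def select_cert(hello):
    """Pick the vhost certificate by SNI; clients that send none get the default."""
    return VHOST_CERTS.get(extract_sni(hello), DEFAULT_CERT)
```

A client that omits the extension always receives the default certificate, which is the case where one certificate listing every name in SubjectAltName still works.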