git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: https vhosts


On Thu, May 24, 2018 at 2:08 PM, Stefan Eissing
<stefan.eissing@xxxxxxxxxxxxx> wrote:
>
>
>> Am 24.05.2018 um 14:07 schrieb Yann Ylavic <ylavic.dev@xxxxxxxxx>:
>>
>> On Thu, May 24, 2018 at 1:57 PM, Stefan Eissing
>> <stefan.eissing@xxxxxxxxxxxxx> wrote:
>>>
>>>> Am 24.05.2018 um 13:51 schrieb Yann Ylavic <ylavic.dev@xxxxxxxxx>:
>>>>
>>>> That'd work (and looks better than Stefan's SNI oriented proposal),
>>>> but I wish we had something working for non-SSL vhosts too,
>>>> UseDefaultVHost OFF|ON?
>>>
>>> Could work also, if this means that SSL connections with SNI are then
>>> aborted right away.
>>
>> Yes, I think that mod_ssl could handle the OFF case earlier, depending
>> on SNI vs vhost's ServerName/Alias.
>>
>>> As explained, I do want such hosts to simply not
>>> work with https:, and avoid a "not secure" warning first.
>>
>> Yes SSL is special, the "plain" case is worth it too IMHO (checked
>> elsewhere, but still based on the same directive).
>
> Agreed.

The "plain" case would probably also catch mismatching SSL vhosts with
non-SNI clients.



( ! ) Warning: include(msgfooter.php): failed to open stream: No such file or directory in /var/www/git/apache2-developers/msg04090.html on line 100
Call Stack
#TimeMemoryFunctionLocation
10.0007363400{main}( ).../msg04090.html:0

( ! ) Warning: include(): Failed opening 'msgfooter.php' for inclusion (include_path='.:/var/www/git') in /var/www/git/apache2-developers/msg04090.html on line 100
Call Stack
#TimeMemoryFunctionLocation
10.0007363400{main}( ).../msg04090.html:0