[ LUGOS ] kinda urgent... ssl + virtualni hosti
crt jakhel
crt na ice.dergan.si
Sob Dec 11 11:40:10 CET 1999
In reply to crt jakhel (11.12.99 11:16):
> > ali apache 1.3.9 omogoca imeti vec virtualnih hostov, ki so vsi
> > ssl-enabled in imajo *vsak svoj certifikat*, pri cemer se uporablja
> > name-based vhosting, *ne* pa ip-based vhosting?
>
> (apache 1.3.9 + mod_ssl)
ok, forget it :( ... mod_ssl faq:
Why can't I use SSL with name-based/non-IP-based virtual hosts? [L]
The reason is very technical. Actually it's some sort of a chicken
and egg problem: The SSL protocol
layer stays below the HTTP protocol layer and encapsulates HTTP. When
an SSL connection (HTTPS) is
established Apache/mod_ssl has to negotiate the SSL protocol
parameters with the client. For this
mod_ssl has to consult the configuration of the virtual server (for
instance it has to look for the cipher suite,
the server certificate, etc.). But in order to dispatch to the
correct virtual server Apache has to know the
Host HTTP header field. For this the HTTP request header has to be
read. This cannot be done before
the SSL handshake is finished. But the information is already needed
at the SSL handshake phase. Bingo!
Dodatne informacije o seznamu Starilist