[ LUGOS ] kinda urgent... ssl + virtualni hosti

crt jakhel crt na ice.dergan.si
Sob Dec 11 11:40:10 CET 1999


In reply to crt jakhel (11.12.99 11:16):

> > ali apache 1.3.9 omogoca imeti vec virtualnih hostov, ki so vsi
> > ssl-enabled in imajo *vsak svoj certifikat*, pri cemer se uporablja
> > name-based vhosting, *ne* pa ip-based vhosting?
> 
> (apache 1.3.9 + mod_ssl)

ok, forget it :( ... mod_ssl faq:

Why can't I use SSL with name-based/non-IP-based virtual hosts?   [L] 

     The reason is very technical. Actually it's some sort of a chicken
and egg problem: The SSL protocol
     layer stays below the HTTP protocol layer and encapsulates HTTP. When
an SSL connection (HTTPS) is
     established Apache/mod_ssl has to negotiate the SSL protocol
parameters with the client. For this
     mod_ssl has to consult the configuration of the virtual server (for
instance it has to look for the cipher suite,
     the server certificate, etc.). But in order to dispatch to the
correct virtual server Apache has to know the
     Host HTTP header field. For this the HTTP request header has to be
read. This cannot be done before
     the SSL handshake is finished. But the information is already needed
at the SSL handshake phase. Bingo!






Dodatne informacije o seznamu Starilist