Re: [apache-ssl] Apache-SSL doesn't read multiple certs




Rob Heittman wrote:
> 
> Ben sez:
> 
> > If you are trying to use name-based virtual hosts, well, you can't. Use
> > IP-based vhosts.
> 
> <chuckle>  Great timing!  As it so happens, I was just starting to prowl
> around for a way to patch the module up to also work with name-based
> virtual hosts.  (Raven and Stronghold exhibit the same limitation.)  Is
> there an inherent reason why this _can't_ work -- and therefore a waste
> of time to try -- or is it just a matter of "why bother?"

The inherent problem is that SSL handshake (and therefore certificate
exchange) occurs _before_ any data is sent, including, of course, the
HTTP request which will determine the correct name-based virtual host.
There is a theory that you could, at this point, renegotiate the client
cert (however it is said that the clients tend to crash if you do
this), but it is almost certainly too late for the server cert.

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 735 0686|  Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd,     |Apache-SSL author    http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache
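The ordering Ben describes can be seen directly in the handshake bytes: at the moment the server must choose its certificate, the only inputs it has are the ClientHello and the socket the connection arrived on; the HTTP Host header comes only after the handshake. The example below is added here and is not code from this thread or from Apache-SSL: it builds a constructed minimal ClientHello, parses the server_name extension that later TLS versions added (RFC 6066, SNI) to solve exactly this problem, and applies the selection rule that follows. The IP address, host name and certificate labels are constructed placeholders.

```python
import struct

# Constructed sample: a minimal TLS ClientHello handshake message (the bytes after
# the 5-byte record header). Real hellos carry more suites and extensions.
def client_hello(server_name=None):
    body = b"\x03\x01" + b"\x00" * 32             # client_version, 32-byte random
    body += b"\x00"                               # session_id length 0
    body += b"\x00\x02" + b"\x00\x0a"             # one suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA
    body += b"\x01\x00"                           # one compression method: null
    if server_name is not None:                   # RFC 6066 server_name extension
        name = server_name.encode()
        entry = b"\x00" + struct.pack(">H", len(name)) + name      # name_type 0 = host_name
        sni = struct.pack(">H", len(entry)) + entry                # ServerNameList length
        ext = b"\x00\x00" + struct.pack(">H", len(sni)) + sni      # extension_type 0
        body += struct.pack(">H", len(ext)) + ext                  # extensions length
    return b"\x01" + struct.pack(">I", len(body))[1:] + body      # type 1, 3-byte length

def sni_from_client_hello(msg):
    """Return the host_name from the server_name extension, or None if absent."""
    pos = 4 + 2 + 32                                    # header, version, random
    pos += 1 + msg[pos]                                 # session_id
    pos += 2 + struct.unpack(">H", msg[pos:pos + 2])[0] # cipher_suites
    pos += 1 + msg[pos]                                 # compression_methods
    if pos >= len(msg):
        return None                                     # no extensions at all (1990s-era hello)
    end = pos + 2 + struct.unpack(">H", msg[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack(">HH", msg[pos:pos + 4])
        pos += 4
        if etype == 0:                                  # server_name
            p = pos + 2                                 # skip ServerNameList length
            while p + 3 <= pos + elen:
                ntype, nlen = msg[p], struct.unpack(">H", msg[p + 1:p + 3])[0]
                if ntype == 0:
                    return msg[p + 3:p + 3 + nlen].decode()
                p += 3 + nlen
        pos += elen
    return None

def select_certificate(msg, local_ip, certs_by_ip, certs_by_name):
    """Pick the server certificate at ServerHello time: before any HTTP request,
    the only inputs are the ClientHello and the IP the connection arrived on."""
    name = sni_from_client_hello(msg)
    if name is not None and name in certs_by_name:
        return certs_by_name[name]
    return certs_by_ip[local_ip]     # no name available: IP-based vhost is the only option
```

Without the extension the lookup degrades to the listening IP, which is the behaviour the thread describes; the certificate for a name-based vhost cannot be chosen because the name has not been sent yet.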