https://bz.apache.org/bugzilla/show_bug.cgi?id=61081
--- Comment #3 from Eric Covener <cove...@gmail.com> --- (In reply to felipe from comment #2) > (In reply to Eric Covener from comment #1) > > (In reply to felipe from comment #0) > > > Currently there is no way to associate an SSL certificate with a specific > > > FQDN unless that FQDN is the only one on its virtual host. > > > > Is this true? The code looks like it scans ServerAlias entries > > (ssl_util_vhost_matches) to use the SNI name to map to an SSL vhost config. > > This associates the certificate with the vhost, not with an individual FQDN. > So all FQDNs on the vhost have to share a single certificate. > > What I’m proposing is a means to decouple the vhost logic from SNI matching: > if there’s a matching NameBasedSNI entry for the cert/key, then use that; > otherwise, do business as usual. I see, I think that is reasonable, but I would suggest avoiding new container/section construct for it. In a proprietary SSL plugin, that uses named certificates rather than paths, it was just repeated "SSLSNIMap hostname label". The interaction with current ssl-vhost-config selection by SNI would need to be sorted out too. Documenting the status quo would be a good start! -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org
