https://bz.apache.org/bugzilla/show_bug.cgi?id=69743
Joe Orton <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |CLOSED Status|NEW |RESOLVED --- Comment #37 from Joe Orton <[email protected]> --- Addressed in trunk via new directive SSLVHostSNIPolicy. trunk commit: r1929308 docs: https://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslvhostsnipolicy To test in 2.4.x you can try the patch below: curl https://github.com/apache/httpd/commit/29a575d7b6bc908bb081052afbda8099f5c1e8ba.patch | patch -p1 and then configure "SSLVHostSNIPolicy authonly" to ignore mismatches of cert/key configuration but retain the fix for CVE-2025-23048 Feedback from testing the patch is very welcome. Hyperbole and trolling is not. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
