Hi,

on ftp.fr we use httpd on 6.2.

The config more or less looks like:

server "default" {
        alias distfiles.bsdfrog.org
        listen on egress port www
        location "/*" {
                block return 301 "https://$SERVER_NAME$REQUEST_URI";
        }

}

server "distfiles.bsdfrog.org" {
        listen on egress tls port https
        root "/distfiles"
#       tls ticket lifetime 1800
        tls certificate "/etc/ssl/pond.obspm.bsdfrog.org.crt"
        tls key "/etc/ssl/private/pond.obspm.bsdfrog.org.key"
}

server "ftp.fr.openbsd.org" {
        listen on egress port www
        listen on egress tls port https
        root "/mirror/ftp"
#       tls ticket lifetime 1800
        tls certificate "/etc/ssl/pond.obspm.bsdfrog.org.crt"
        tls key "/etc/ssl/private/pond.obspm.bsdfrog.org.key"
}

Which works fine with https on the different vhosts. But as soon as I uncomment
the tls ticket lifetime lines, httpd -nvv complains about a configuration
mismatch:

server_tls_load_keypair: using certificate /etc/ssl/pond.obspm.bsdfrog.org.crt
server_tls_load_keypair: using private key /etc/ssl/private/pond.obspm.bsdfrog.org.key
/etc/httpd.conf:37: server "ftp.fr.openbsd.org": tls configuration mismatch on same address/port

which comes from
https://github.com/openbsd/src/blob/master/usr.sbin/httpd/parse.y#L319 - and
there I don't see what could mismatch here... broken comparison on integers?
Same thing with 'default' for the value (without quotes) or

tls {
 ticket lifetime 1800
 certificate "/etc/ssl/pond.obspm.bsdfrog.org.crt"
 key "/etc/ssl/private/pond.obspm.bsdfrog.org.key"
}

which afaiui should be equivalent. Of course the ssl cert has all the necessary
altnames.

Anyone having a clue? Running a similar config without issue?

Landry