Package: libapache2-mod-gnutls
Version: 0.5.1-1
Severity: important
It appears that name-based virtual hosting isn't working properly. Below you will find a very basic Apache configuration for two SSL virtual hosts. Both virtual hosts are accessible but both hosts are using the SSL certificate and key from the first virtual host. Also, any extra directives placed in the second virtual host do not seem to apply. For example, adding "GnuTLSClientVerify require" to the second virtual host in order to require client certificate validation does not work. If I add it to the first virtual host then *both* virtual hosts start demanding client certificates.

I am using IceWeasel 2 (as shipped in Lenny) to access those virtual hosts. It should have support for Server Name Identification (SNI) that allows mod_gnutls to do name-based virtual hosting.

Marking severity as important because Name-based virtual hosting is one of the primary reasons why people use mod_gnutls over mod_ssl.
My configuration:
NameVirtualHost *:443
Listen 443
# First virtual host, using a self-signed certificate
<VirtualHost *:443>
    DocumentRoot /var/www/host1
    ServerName host1.example.org:443
    # SSL using GnuTLS
    GnuTLSEnable On
    GnuTLSPriorities PERFORMANCE:%COMPAT
    GnuTLSCertificateFile /etc/apache2/ssl/host1.cert
    GnuTLSKeyFile /root/certs/host1.key
    LogLevel warn
    ErrorLog /var/log/apache2/error.log
    CustomLog /var/log/apache2/access.log combined
    ServerSignature On
</VirtualHost>
# Second virtual host using a certificate signed by CACert.
# But, it is served with the self-signed certificate from the previous
# virtual host. That can't be right!
<VirtualHost *:443>
    # SSL using GnuTLS
    GnuTLSEnable On
    GnuTLSCertificateFile /etc/apache2/ssl/host2.cert
    GnuTLSKeyFile /root/certs/host2.key
    GnuTLSPriorities PERFORMANCE:%COMPAT
    ServerName svn.example.org:443
    LogLevel warn
    ErrorLog /var/log/apache2/error.log
    CustomLog /var/log/apache2/access.log combined
    ServerSignature On
    # This is a Subversion server, so no DocumentRoot
    # statement but instead this Location directive
    <Location "/">
        DAV svn
        SVNParentPath /var/svn
        SVNListParentPath On
        AuthType Basic
        AuthName "My subversion repositories"
        AuthUserFile /etc/subversion/svn-users
        AuthzSVNAccessFile /etc/subversion/svn-groups
        <LimitExcept GET PROPFIND OPTIONS REPORT>
            Require valid-user
        </LimitExcept>
    </Location>
</VirtualHost>
-- System Information:
Debian Release: 5.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.25-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libapache2-mod-gnutls depends on:
ii libc6 2.7-16 GNU C Library: Shared libraries
ii libgnutls26 2.4.2-4 the GNU TLS library - runtime libr
libapache2-mod-gnutls recommends no packages.
libapache2-mod-gnutls suggests no packages.
-- no debconf information
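
One way to confirm the symptom described above from the client side, as an added example that is not part of the original bug report: connect once per server name, send that name via SNI, and compare the SHA-256 fingerprints of the certificates returned. The function names and the injectable `fetch` parameter are assumptions of this example; port 443 and the host names come from the configuration above.

```python
import hashlib
import socket
import ssl
from collections import defaultdict


def fetch_leaf_der(addr, port, sni, timeout=5.0):
    """Return the DER leaf certificate the server presents for this SNI name."""
    ctx = ssl.create_default_context()
    # Diagnostic only: host1 is self-signed and we want whatever certificate
    # is served, so chain and hostname verification are switched off here.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((addr, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return tls.getpeercert(binary_form=True)


def certs_by_name(addr, port, names, fetch=fetch_leaf_der):
    """Map each SNI name to the SHA-256 fingerprint of the certificate served."""
    return {n: hashlib.sha256(fetch(addr, port, n)).hexdigest() for n in names}


def shared_certs(fingerprints):
    """Return groups of names that were served the same certificate."""
    groups = defaultdict(list)
    for name, fp in fingerprints.items():
        groups[fp].append(name)
    return [sorted(g) for g in groups.values() if len(g) > 1]


if __name__ == "__main__":
    import sys
    # Usage: script.py <server address> <name1> <name2> ...
    addr, names = sys.argv[1], sys.argv[2:]
    fps = certs_by_name(addr, 443, names)
    for name, fp in fps.items():
        print(f"{name}  {fp}")
    shared = shared_certs(fps)
    for group in shared:
        print("same certificate served for:", ", ".join(group))
    sys.exit(1 if shared else 0)
```

A non-zero exit status means at least two of the names were served the same certificate, which is the behaviour reported here for host1.example.org and svn.example.org.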