On 02/14/2008 09:46 PM, Dirk-Willem van Gulik wrote:
On Feb 14, 2008, at 9:34 PM, Ruediger Pluem wrote:
server on this IP/port pair. IMHO SNI in SSL should be handled the
same way as usual
name based virtual hosts in the HTTP case. This may mean that we need
to add another
server_rec field to the conn_rec struct that contains s and that
mod_ssl needs to
work with this field instead of base_server. But to be honest I
haven't analysed
this further.
My test suggest that it does the right thing - but I understand your
concern -- and have not tried your senario in a wider case. Though my
guess this still behaves correct ? Unfortunately I won't be able to dive
into this in the next few days. Feel free back this change out if you
think it break things - or hack on it :) It is not super critical.
Agreed. From a first checking I see the following difference in behaviour
between SNI / HTTP name based virtual hosts (NBVH):
ap_log_cerror:
SNI: Logs to error_log of vhost with correct SNI name as soon as
we adjusted base_server.
NBVH: Logs to error log of the first vhost
Timeout:
SNI: Timeout for request reading after a keepalive is set to
the value of the vhost that handled the request before.
NBVH: Timeout for request reading after a keepalive is set to
the value of the first vhost.
mod_dbd (ap_dbd_cacquire):
SNI: Takes its config from vhost with correct SNI name as soon as
we adjusted base_server.
NBVH: Takes its config from the first vhost.
Regards
RĂ¼diger
