On 04/25/2009 11:20 AM, Plüm, Rüdiger, VF-Group wrote:
> Committed v10 with some smaller tweaks as r768499. Especially I removed
>
> @@ -186,16 +186,6 @@ int ssl_hook_ReadReq(request_rec *r)
> return HTTP_BAD_REQUEST;
> }
> }
> - else if (r->connection->vhost_lookup_data) {
> - /*
> - * We are using a name based configuration here, but no hostname was
> - * provided via SNI. Don't allow that.
> - */
> - ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
> - "No hostname was provided via SNI for a name based"
> - " virtual host");
> - return HTTP_FORBIDDEN;
> - }
> #endif
> SSL_set_app_data2(ssl, r);
>
> as I want to make this configurable and this is easier to do when it remains
> in the code.
Since r768596 this is now configurable via SSLStrictSNIVHostCheck (with a
default to off,
which is effectively the same as your original patch).
The default value might change depending on the results of peer review here.
So SSL gurus please some review here.
Regards
Rüdiger
