---------------------------------------- > Date: Sat, 23 Nov 2013 08:18:14 -0500 > Subject: Re: ssl_die() and pool cleanup > From: cove...@gmail.com > To: dev@httpd.apache.org > >> So, if the sanity check is skipped for the _default_ host, or there is a >> better way to set the ServerName of the _default_ host, which I don't know >> yet, then this wouldn't be affected. > > I don't think any behavior should be based on _default_ vs. *. > > Your scenario probably works the same with the first VH as "*" simply > because it's the first listed NVH.
You are right, there should be no difference between _default_ vs. *. Yet, this does not change the fact, that you have to explicitly set a ServerName for the first VH, different to the CN in the certificate. Otherwise all requests would be served by the first VH, instead of the other ones. If mod_ssl would decline VH's with a nonmatching ServerName, then a configuration with a <VirtualHost :80 :443> would be impossible without a wildcard certificate, at least to my knowledge.