On Thu, Feb 20, 2014 at 7:18 PM, Yann Ylavic <ylavic....@gmail.com> wrote:
> On Thu, Feb 20, 2014 at 6:28 PM, Pavel Matěja <pa...@netsafe.cz> wrote:
>> Currently there are two possible scenarios with SSLCheckProxyPeerName On and
>> numeric Host/URI:
>> 1) you will try to open new connection which will fail the CN check and
>> client gets 502 Bad Gateway
>> 2) you will try to reuse already opened connection which will get you 400
>> Bad Request because SNI hostname won't match the numeric one.
>>
>
> For 2) the issue is not related to IP addresses, reusing a SNI-ed
> connection without checking the current hostname is a bug IMHO.

I proposed a fix (trunk) in PR 55782: https://issues.apache.org/bugzilla/attachment.cgi?id=31342&action=diff