> -----Ursprüngliche Nachricht----- > Von: William A. Rowe Jr. [mailto:wmr...@gmail.com] > Gesendet: Freitag, 28. Februar 2014 01:21 > An: dev@httpd.apache.org > Betreff: Re: Behavior of Host: vs. SNI Hostname in proxy CONNECT > requests > > On Wed, Feb 26, 2014 at 2:45 PM, Ruediger Pluem <rpl...@apache.org> > claimed: > > > Even if they use IP/Port based virtual hosting the SNI name and > supplied host header should be consistent. > > For all incoming forward proxy requests your statement is complete > nonsense.
Correct. But I wasn't talking about forward proxy requests here. Forward proxy requests are IMHO done by http://svn.apache.org/r1553204. I don't get why you insist on talking about forward proxies when everybody else is talking about different stuff. OTOH if one talks about forward proxies and ask you something about that (like about the patch above) you do not reply. > > The Host: header consistently appears to reflect the hostname of the > URI of the proxy > request (as distinguish from httpd internal proxy requests).. > > Given that *.example.com is a perfectly valid host cert CN, as is > foo.example.com > while bar.example.com is the altname of the certificate, accessing > bar.example.com > MUST NOT break when upgrading from 2.2.25 to 2.2.27. What does break here? Can you give an example of a configuration and a request that breaks? And please don't get back to a forward proxy example. This is a separate topic that is acknowledged to be broken and http://svn.apache.org/r1553204 is IMHO the fix. Regards Rüdiger
