> -----Original Message----- > From: Yann Ylavic [mailto:ylavic....@gmail.com] > Sent: Mittwoch, 16. April 2014 15:00 > To: httpd > Subject: Re: svn commit: r1585090 - in /httpd/httpd/trunk: CHANGES > modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_kernel.c > > On Wed, Apr 16, 2014 at 2:41 PM, Plüm, Rüdiger, Vodafone Group > <ruediger.pl...@vodafone.com> wrote: > > > >> -----Original Message----- > >> From: Yann Ylavic [mailto:ylavic....@gmail.com] > >> This base_server directive would help prevent vhost misuse at the > >> source, whatever the vhosts' configs are, and however we relax the > >> Host vs SNI check. > > > > I don't think so. The SNI provided hostname and the HTTP host header > still need to match. > > Which can't be if no vhost is defined for that SNI, the option would > not break that (it's more a hardening feature).
You are confusing me. In this case we would fall to the default vhost. But I guess I am currently not understanding what you try to resolve / what goes wrong without a patch. Care to give an example setup to clear up my confusion? Regards Rüdiger
