I don't entirely understand the patch CHANGES, however...

On Tue, Jun 9, 2015 at 10:41 AM, <wr...@apache.org> wrote:

>  PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
>    [ start all new proposals below, under PATCHES PROPOSED. ]
>
>     * mod_ssl: bring SNI behavior into better conformance with RFC 6066
>       (also addresses PR 56241)
>       trunk patch: https://svn.apache.org/r1585090
>                    (partial, w/o startup warnings changes)
>       2.4.x patch: https://svn.apache.org/r1588424
>                    (backported to 2.4.10)
>       2.2.x patch:
> http://people.apache.org/~ylavic/httpd-2.2.x-no_sni_warning.patch
> +     +1: ylavic, jorton, wrowe
>

The patch claims both adjusting alerts and changing startup behavior...

--- CHANGES     (revision 1684331)
+++ CHANGES     (working copy)
@@ -1,6 +1,11 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.30

+  *) mod_ssl: bring SNI behavior into better conformance with RFC 6066:
+     no longer send warning-level unrecognized_name(112) alerts,
+     and limit startup warnings to cases where an OpenSSL version
+     without TLS extension support is used. PR 56241. [Kaspar Brand]
+
   *) http: Make ap_die() robust against any HTTP error code and not modify
      response status (finally logged) when nothing is to be done.
[Yann Ylavic]
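
Review bot: The new CHANGES entry at lines 27-30 claims two behaviour changes, but the STATUS entry describes the backport as "partial, w/o startup warnings changes" and the only code change visible in this patch is the removal of the `SSL_TLSEXT_ERR_ALERT_WARNING` return. Drop the clause "and limit startup warnings to cases where an OpenSSL version without TLS extension support is used" so the 2.2.30 entry describes only the alert change, keeping "PR 56241" only if it is fixed by that change alone.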


But the patch contains only the first change to code.

@@ -1962,7 +1962,21 @@ int ssl_callback_ServerNameIndication(SSL *ssl, in
                               "No matching SSL virtual host for servername "
                               "%s found (using default/first virtual host)",
                               servername);
-                return SSL_TLSEXT_ERR_ALERT_WARNING;
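
Review bot: The return value on the no-match path cannot be checked from this excerpt: the only change shown is the removal of `return SSL_TLSEXT_ERR_ALERT_WARNING;`, while the hunk header (-1962,7 +1962,21) says 14 lines are added that are not quoted here. Please confirm that after the removal this branch reaches a return that sends no unrecognized_name alert to the client, and that the added lines explain why, since the log message above still reports a fallback to the default/first virtual host.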



Everything else is commentary.  When you backport, Yann, would you correct
the message?
