On Wed, Jun 10, 2015 at 4:41 PM, Stefan Eissing <[email protected]> wrote: > Today I had the second user which got "400 Bad Request" when using mod_h2 > with a wildcard certificate. So, I was thinking how to possibly fix the code > in mod_ssl. > > The mostly harmless approach is the addition of a configuration directive > that admins may use to explicitly allow multiple host requests on a SNI > connection. Which would mean that both the config of the SNI host and the > config of the request host have "SSLSNIVHostMatch off". > > The case where no Host header is provided or no SNI is used I propose to > leave unaffected, e.g. continue to fail. > > Any thoughts?
Maybe matching against the ServerName and ServerAlias(es) instead of the Host header, so that the admin can still have a control on it...
