People wrote

>> It would be really nice to take advantage of Apache's multiple virtual
>> domain capability in conjunction with SSL and have a certificate that
>> didn't cause a 'Certificate Name Check' dialog to pop up on every
>> connection for domains other than the one in the certificate.
>
> snip
>
>>
>> Anyone have a solution to this? Think there will be one?

>No. It's an inherent limitation of the SSL/TLS protocol.

No - it is a limitation of the current usage of http over SSL, where the
SSL negotiation happens before the Host: header.  It is a general problem
inherent in most simplistic SSL-ing of protocols, where the rush to SSL-ify
meant that the protocol got broken, rather than integrating SSL into the
protocol itself.

See draft-ietf-tls-http-upgrade-05.txt to see how this can be fixed.


Cheers,
Paul

--
Paul Ford-Hutchinson : EMEA eCommerce application security :
[EMAIL PROTECTED]
OSU-1, IBM , PO Box 31, Birmingham Rd, Warwick, CV34 5YR +44 (0)1926 462005



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
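
Added example, not part of the original message or of any project's code: a Python model of the ordering issue described in the reply above, contrasting certificate selection when the SSL handshake precedes the Host: header with selection after a cleartext `Upgrade: TLS/1.0` request as in the cited draft. It models event order only (no real TLS); all host names, addresses and function names are constructed for illustration.

```python
# Model of event ordering only; no real TLS. All names and addresses are constructed.
CERT_BY_ADDR = {("192.0.2.10", 443): "www.example.com"}      # one cert per IP:port
CERT_BY_HOST = {"www.example.com": "www.example.com",
                "shop.example.net": "shop.example.net"}      # one cert per vhost

REQUEST = (b"GET / HTTP/1.1\r\n"
           b"Host: shop.example.net\r\n"
           b"Upgrade: TLS/1.0\r\n"
           b"Connection: Upgrade\r\n\r\n")


def parse_headers(request):
    """Parse the header block of a cleartext HTTP/1.1 request into a dict."""
    head = request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def tokens(value):
    """Split a comma-separated header value into lowercase tokens."""
    return [t.strip().lower() for t in value.split(",") if t.strip()]


def cert_for_https(listen_addr, request):
    """HTTP over SSL: the handshake comes first, so the request (and its
    Host: header) is unread when the certificate has to be chosen."""
    del request                                   # not visible at handshake time
    return CERT_BY_ADDR[listen_addr]


def cert_for_upgrade(request):
    """Upgrade within HTTP: Host: arrives in cleartext before the handshake,
    so the server can pick the certificate of the requested virtual host."""
    h = parse_headers(request)
    if "tls/1.0" not in tokens(h.get("upgrade", "")):
        return None
    if "upgrade" not in tokens(h.get("connection", "")):
        return None
    host = h.get("host", "").split(":")[0].lower()   # drop an optional :port
    return CERT_BY_HOST.get(host)


def name_check_ok(requested_host, cert_name):
    """The client's comparison that triggers the 'Certificate Name Check' dialog."""
    return cert_name is not None and requested_host.lower() == cert_name.lower()
```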
