I am running pound and it works with alternate names and SNI. I have 2 certificates running and the 2 names I'm using are both alt names.
By default it takes the first one. I've been running it for over a year...

You could use a script I wrote to troubleshoot:
http://www.linuxquestions.org/questions/programming-9/check-certificate-of-a-server-4175436532/

-----Original Message-----
From: Joe Gooch <[email protected]>
Sent: Mon 30-12-2013 17:19
Subject: RE: [Pound Mailing List] Pound + SNI + Alternative Names
To: '[email protected]' <[email protected]>

I've looked at the code in 2.7, and it does appear to take alt names into consideration. I'm fairly certain my original SNI patch did not.

What version of pound are you using?

Joe

> -----Original Message-----
> From: Piotr Rotter [mailto:[email protected]]
> Sent: Monday, December 23, 2013 7:36 AM
> To: [email protected]
> Subject: [Pound Mailing List] Pound + SNI + Alternative Names
>
> Hello,
>
> I use pound as an SSL accelerator and I have a problem with SNI.
> In my configuration SNI works only with common names and ignores
> alternative names.
>
> For example, I have a configuration like this:
>
> ListenHTTPS
>     Address 0.0.0.0
>     Port 443
>     Cert "www.aaa.pl.crt"
>     Cert "www.bbb.pl.crt"
>     CAlist "geotrust.ca"
>     VerifyList "geotrust.ca"
>     Service
>         BackEnd
>             Address 127.0.0.1
>             Port 80
>             Priority 1
>         End
>     End
> End
>
> and certificates like:
>
> openssl x509 -in www.aaa.pl.crt -text -noout
> CN=www.aaa.pl
> X509v3 Subject Alternative Name:
> DNS:www.aaa.pl, DNS:aaa.pl
>
> openssl x509 -in www.bbb.pl.crt -text -noout
> CN=www.bbb.pl
> X509v3 Subject Alternative Name:
> DNS:www.bbb.pl, DNS:bbb.pl
>
> This configuration works fine for:
> www.aaa.pl
> aaa.pl
> www.bbb.pl
> but for bbb.pl pound offers the certificate for www.aaa.pl
>
> Is it some bug in my configuration, or does pound not support
> alternative names?
>
> --
> To unsubscribe send an email with subject unsubscribe to
> [email protected].
> Please contact [email protected] for questions.
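Added example, not part of the thread and not Pound's code or the linked script: a small offline audit that models the behaviour reported above, comparing CN-only SNI matching with SAN-aware matching for the two certificates quoted in the thread. The selection rule (first certificate whose name matches, otherwise the first `Cert` entry) and all function names are assumptions made for illustration.

```python
import re

# Constructed from the abbreviated `openssl x509 -text -noout` output quoted in the thread.
CERT_TEXTS = [
    "CN=www.aaa.pl\nX509v3 Subject Alternative Name:\n    DNS:www.aaa.pl, DNS:aaa.pl\n",
    "CN=www.bbb.pl\nX509v3 Subject Alternative Name:\n    DNS:www.bbb.pl, DNS:bbb.pl\n",
]

def parse_names(text):
    """Return (cn, [SAN DNS names]) from openssl -text style output."""
    cn = re.search(r"CN\s*=\s*([^\s,/]+)", text)
    sans = re.findall(r"DNS:([^\s,]+)", text)
    return (cn.group(1).lower() if cn else None, [s.lower() for s in sans])

def name_matches(pattern, host):
    """Exact match, or a single left-most wildcard label (*.example.com)."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def select_cert(certs, sni, use_sans):
    """Assumed model: first cert whose CN (and optionally SANs) matches, else index 0."""
    for i, (cn, sans) in enumerate(certs):
        names = ([cn] if cn else []) + (sans if use_sans else [])
        if any(name_matches(n, sni) for n in names):
            return i
    return 0  # no match: fall back to the first Cert entry

def audit(certs, hosts, use_sans):
    """Map each host to (CN of the cert served, whether that cert covers the host)."""
    report = {}
    for h in hosts:
        cn, sans = certs[select_cert(certs, h, use_sans)]
        covered = any(name_matches(n, h) for n in [cn] + sans if n)
        report[h] = (cn, covered)
    return report

CERTS = [parse_names(t) for t in CERT_TEXTS]
HOSTS = ["www.aaa.pl", "aaa.pl", "www.bbb.pl", "bbb.pl"]

if __name__ == "__main__":
    for mode in (False, True):
        print("SAN-aware matching" if mode else "CN-only matching")
        for host, (cn, ok) in audit(CERTS, HOSTS, mode).items():
            print(f"  {host:12} -> {cn:12} {'ok' if ok else 'NAME MISMATCH'}")
```

Under CN-only matching `aaa.pl` only appears to work because the fallback certificate happens to list it as a SAN, while `bbb.pl` falls back to the same certificate and fails name validation in the client.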
