So, would I be correct to say that one could do port-based hosting like: https://real-host.tld:449/ https://name-based-host00.tld:44900/ https://name-based-host01.tld:44901/ https://name-based-host02.tld:44902/ ... and so on...
or simply have apache make the "secure" 3ld point to port 44900 on the IP address of name-based-host.tld, thus becoming: https://secure.real-host.tld/ https://secure.name-based-host00.tld/ https://secure.name-based-host01.tld/ https://secure.name-based-host02.tld/ ... which is exactly what I want? Also, how much of a problem would there be with using 449nn unprivileged ports with SSL? Michael --- Ed Wilts <[EMAIL PROTECTED]> wrote: > On Tue, Mar 26, 2002 at 09:25:28AM -0800, Michael Oatman wrote: > > I found somewhere that SSL does not do name-based virtual hosts. > > > > If anyone has a way around this limitation, other than say, > > https://secure.domain.tld/name-based_host/ please LMK. > > I believe that the reason it doesn't work is that the data is encrypted. > That means that you won't ever see a workaround... Similarly, ftp/tls won't > work over most firewalls since the embedded PORT commands are encrypted and the > firewall can't figure out which port you want to open. > > -- > Ed Wilts, Mounds View, MN, USA > mailto:[EMAIL PROTECTED] > hmmmmmmmm.... --- David Talkington <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Mike Burger wrote: > > >To my knowledge, there is no way around it. Currently, secure certs are > >issued for specific IPs. You can't really have more than one site with > >the same IP and expect the certs to work, properly. > > Right. > > This snip is from misc@openbsd, and is credited to Ben Laurie from the > Apache-SSL list: > > `The issue is that the certificate presented by the server can only be > selected on the basis of stuff that's known as soon as the socket is > connected (i.e. before any data exchange). The only useful information > available is the server IP and port number, so in order to present the > right certificate, you need a unique IP/port for each secure server.' > > - -d > > - -- > David Talkington > Ah.... I see.... __________________________________________________ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards® http://movies.yahoo.com/ _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
