[users@httpd] Re: ssl-vhost-mixing issue
Hello, Krist wrote: You don't have a NameVirtualHost directive? What happens if you enter https://ip2.ip2.ip2.ip2 in your browser? we use NameVirtualHost *:80 in httpd.conf I did some tests with setting NameVirtualHost to base-ip of the server ip0.ip0.ip0.ip0, but nothing changed. ip1 and ip2 are especially used for SSL-Hosts. It makes no difference if i call https://ip2.ip2.ip2.ip2 or https://ip1.ip1.ip1.ip1 In both cases i see data of cert which came as first in httpd.conf But the both different vhosts are really separately requestet. i added a customlog directive for both vhosts and there was no mistake. If i call https://ip2.ip2.ip2.ip2 log2 was written and if i call https://ip1.ip1.ip1.ip1 log1 was written. I have read this: http://wiki.apache.org/httpd/NameBasedSSLVHosts Apache is ignoring config from second host if IP was already used for a SSL-Host. But in my case all used IPs are different. did i understand this correct? if yes, may be apache is confused when reading the certificates and finding same hostname in certificates... Eric Covener wrote: It's hard to tell which IP-based vhost you should have hit, or did hit, since you didn't specify which IP you connected to and you didn't log separately or show _all_ of your vhosts. i dont find any fault in my conf. logging separatly did show separatly requests by same cert-content. either this is a tricky conf-thing or a bug. Thanks, Hajo - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re: ssl-vhost-mixing issue
i dont find any fault in my conf. logging separatly did show separatly requests by same cert-content. either this is a tricky conf-thing or a bug. what does apachectl -S say? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re: ssl-vhost-mixing issue
On Mon, Feb 21, 2011 at 10:09:14AM +0100, Hajo Locke wrote: VirtualHost ip1.ip1.ip1.ip1:443 Servername example.com SSLCertificateFile crt1 /VirtualHost VirtualHost ip2.ip2.ip2.ip2:443 Servername example.com SSLCertificateFile crt2 /VirtualHost See https://issues.apache.org/bugzilla/show_bug.cgi?id=43218#c5 It will work if you use a different ServerName (even varying the port would fix it) in the vhost with a different cert. Regards, Joe - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re: ssl-vhost-mixing issue
See https://issues.apache.org/bugzilla/show_bug.cgi?id=43218#c5 It will work if you use a different ServerName (even varying the port would fix it) in the vhost with a different cert. Regards, Joe ahh, a bug. changing port to non-standard would solve this problem but cause others... i did some scripting and now writing vhost with active ip always as first one in conf. This solves this problem for me... Thanks, Hajo - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Re: ssl-vhost-mixing issue
Hello, Apache 2.2.14 Hello List, have a question to ssl and two vhosts. i have 2 ip-based vhosts for enabling ssl for one domain in httpd.conf VirtualHost ip1.ip1.ip1.ip1:443 Servername example.com SSLCertificateFile crt1 /VirtualHost VirtualHost ip2.ip2.ip2.ip2:443 Servername example.com SSLCertificateFile crt2 /VirtualHost document-root and Servername for the two vhosts are identical. i do this to switch the domain to a new ip and new certificate at the same time without downtime by DNS. ip1 and crt1 are the new ones. Now i can view an odd behaviour. I call https://example.com which is pointing still to old ip2 and old certificate crt2. Now i view details of certificate in browser and wonder that i can sea details of crt1, but crt1 belongs to the other vhost with other ip. seems that always the crt from the first vhost with same servername is loaded. if i turn around order of the both vhosts and ip2 comes before ip1 in httpd.conf then all is ok and details of crt2 are displayed. Is this an expected behaviour? Seems to me that Apache is mixing some VHost Params in this Case. Bug or expected? Nobody has an opinion about this issue? I think this is critical. Either a bug in apache or a bug in my conf. my conf seems clean, i cannot solve this. it should be impossible that apache is mixing vhost-special directives. i can reproduce this on demand. Hajo - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re: ssl-vhost-mixing issue
On Mon, Feb 21, 2011 at 10:09 AM, Hajo Locke hajo.lo...@gmx.de wrote: Nobody has an opinion about this issue? I think this is critical. Either a bug in apache or a bug in my conf. my conf seems clean, i cannot solve this. it should be impossible that apache is mixing vhost-special directives. i can reproduce this on demand. You don't have a NameVirtualHost directive? What happens if you enter https://ip2.ip2.ip2.ip2 in your browser? Krist -- krist.vanbes...@gmail.com kr...@vanbesien.org Bremgarten b. Bern, Switzerland -- A: It reverses the normal flow of conversation. Q: What's wrong with top-posting? A: Top-posting. Q: What's the biggest scourge on plain text email discussions? - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Re: ssl-vhost-mixing issue
Nobody has an opinion about this issue? I think this is critical. Either a bug in apache or a bug in my conf. my conf seems clean, i cannot solve this. it should be impossible that apache is mixing vhost-special directives. i can reproduce this on demand. It's hard to tell which IP-based vhost you should have hit, or did hit, since you didn't specify which IP you connected to and you didn't log separately or show _all_ of your vhosts. - The official User-To-User support forum of the Apache HTTP Server Project. See URL:http://httpd.apache.org/userslist.html for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org