Dne Pá 21. února 2014 15:13:25, Pavel MatÄja napsal(a):
> Dne Pá 21. února 2014 13:55:56, Yann Ylavic napsal(a):
> > On Thu, Feb 20, 2014 at 7:18 PM, Yann Ylavic wrote:
> > > On Thu, Feb 20, 2014 at 6:28 PM, Pavel MatÄja wrote:
> > >> Currently there are two possible scenarios with SSLChe
Dne Pá 21. února 2014 13:55:56, Yann Ylavic napsal(a):
> On Thu, Feb 20, 2014 at 7:18 PM, Yann Ylavic wrote:
> > On Thu, Feb 20, 2014 at 6:28 PM, Pavel Matěja wrote:
> >> Currently there are two possible scenarios with SSLCheckProxyPeerName On
> >> and numeric Host/URI:
> >> 1) you will try to op
On Fri, Feb 21, 2014 at 10:48 AM, Pavel Matěja wrote:
> Dne Pá 21. února 2014 10:08:42, Yann Ylavic napsal(a):
>> On Fri, Feb 21, 2014 at 12:52 AM, Yann Ylavic wrote:
>> > Maybe what you need is a new ProxyPreserveHost on/off/canon option so
>> > that mod_proxy uses the ServerName to fill in the
Dne Pá 21. února 2014 10:08:42, Yann Ylavic napsal(a):
> On Fri, Feb 21, 2014 at 12:52 AM, Yann Ylavic wrote:
> > Maybe what you need is a new ProxyPreserveHost on/off/canon option so
> > that mod_proxy uses the ServerName to fill in the Host header (hence
> > the SNI and the "proxy-request-hostna
There seem to be different questions in this thread regarding SNI.
Maybe we can enumerate them first to see what's going on (at least I need to)
1. What should the client-provided SNI be checked against?
1.1. for server or proxy-reverse
1.2. for proxy-forward/CONNECT
Possibilities are :
1.a. Host
>> Please post the full details in a bug report
> It's qute simple.
I meant the full details (config, logs, etc) in bugzilla.
https://issues.apache.org/bugzilla/
Dne Čt 20. února 2014 15:00:05, Yann Ylavic napsal(a):
> mod_ssl won't fill in the SNI if it's an IP address, the check is not
> in mod_proxy_http but in ssl_io_filter_connect() :
> if (hostname_note &&
> sc->proxy->protocol != SSL_PROTOCOL_SSLV2 &&
> sc->proxy->prot
mod_ssl won't fill in the SNI if it's an IP address, the check is not
in mod_proxy_http but in ssl_io_filter_connect() :
if (hostname_note &&
sc->proxy->protocol != SSL_PROTOCOL_SSLV2 &&
sc->proxy->protocol != SSL_PROTOCOL_SSLV3 &&
apr_ipsubnet_create(&ip
Dne Čt 20. února 2014 08:13:13, Eric Covener napsal(a):
> On Thu, Feb 20, 2014 at 7:47 AM, Pavel Matěja wrote:
> > Dne St 19. února 2014 21:09:10, William A. Rowe Jr. napsal(a):
> >> I believe that Kaspar and Ruediger are still entirely at odds with my
> >> position, but this 'enhancement' should
On Thu, Feb 20, 2014 at 7:47 AM, Pavel Matěja wrote:
> Dne St 19. února 2014 21:09:10, William A. Rowe Jr. napsal(a):
>> I believe that Kaspar and Ruediger are still entirely at odds with my
>> position, but this 'enhancement' should never have been unilaterally
>> applied as it was to 2.2.26 and
Dne St 19. února 2014 21:09:10, William A. Rowe Jr. napsal(a):
> I believe that Kaspar and Ruediger are still entirely at odds with my
> position, but this 'enhancement' should never have been unilaterally
> applied as it was to 2.2.26 and must be reverted (even as the feature
> is 'fixed' with cor
I believe that Kaspar and Ruediger are still entirely at odds with my
position, but this 'enhancement' should never have been unilaterally
applied as it was to 2.2.26 and must be reverted (even as the feature
is 'fixed' with corrections they have blessed), e.g. the comparison
must be constrained to
Dne Ãt 18. února 2014 10:16:15, Daniel Kahn Gillmor napsal(a):
> On 02/18/2014 08:14 AM, Pavel MatÄja wrote:
> > There is one big risk when someone uses reverse HTTPS proxy with
> > ServerAlias.
> >
> > Let say you have on both - backend and proxy servers options:
> > ServerName www.example.c
Dne Út 17. prosince 2013 18:35:50, Kaspar Brand napsal(a):
> On 26.11.2013 06:31, Kaspar Brand wrote:
> > As far as PR 55782 is concerned, the problem might be that
> > proxy_util.c:ap_proxy_determine_connection() does not take Host: header
> > differences into account when checking if an existing
14 matches
Mail list logo