Note that I'm not arguing about the fixes, merely that the behavior seems to have changed. I will retest again tonight as well.
-- Leif

> On Feb 1, 2014, at 1:12 PM, Reindl Harald <[email protected]> wrote:
>
>
> On 01.02.2014 20:53, Leif Hedstrom wrote:
>>> On Feb 1, 2014, at 11:54 AM, James Peach <[email protected]> wrote:
>>>
>>>> On Feb 1, 2014, at 7:37 AM, Leif Hedstrom <[email protected]> wrote:
>>>>
>>>> Hi all,
>>>>
>>>> I just upgraded to latest master, and noticed that our behavior has
>>>> changed related to how certs are “negotiated”. This is related to TS-2031
>>>> I believe.
>>>>
>>>> What it meant for me was that I had to reorder a couple of rules in
>>>> ssl_multicert.config for the sites to work as expected. I’m sure this is a
>>>> pretty unusual case, so I’m probably ok to just document this (visibly, in
>>>> the v4.2.0 release notes). But I’m interested to hear what others using
>>>> SSL have to say about this? It technically does break backwards
>>>> compatibility, since a config that used to work with v4.1.3 will not work
>>>> with v4.2.0.
>>>>
>>>> Or should we play it safe, and move TS-2031 over to 5.0.x ?
>>>
>>> I'm not very clear on what happened; can you spell it out?
>>
>> I have two certs that match www.ogre.com (one is a wildcard). After
>> this change, I have to reorder the two lines in the config, to get expected
>> behavior
>
> i guess the non-wildcard on top to override the wildcard
> in other words: the more specific wins
> in that case -> go ahead -> perfect!
>
> not sure how the current behavior is, but if my guess is right
> i would even go so far and call it a well deserved bugfix
>
