[peruser] [PATH] NameVirtualHost support on ssl enabled ports

Lazy lazy404 at gmail.com
Wed Dec 12 12:50:10 MST 2007


Hi,
please take a loot at this.


This patch enables apache2-peruser to use several ssl enabled Name
based Virualhosts on a single pair of ip and port.

All virtualhosts need to use same ServerEnvironment as the default
(first) virtualhost on this port because we don't know the requested
host yet (because it's encrypted) and we don't want to decrypt it in a
MULTIPLEXER. Of course all the vhosts have to use the same
certificates.
It can be useful if we have a wildcard certificate.

It requires mod_ssl compiled in because it uses ssl_module struct.

I tested it on 2 my machines and it seems to work, but your mileage may vary.

I'm no apache programmer so probably I missed a more elegant way of
getting info about ssl and not requiring mod_ssl to compile.

With this patch bellow config works as expected, without the patch
apaches workers get plain "GET /" requests for a ssl enabled host and
produces errors.


Listen 127.0.0.1:443
NameVirtualhost 127.0.0.1:443

<VirtualHost 127.0.0.1:443>
ServerEnvironment lazy lazy

ServerName localhost
SslEngine on
SSLCertificateFile /usr/local/apache2_debug/conf/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /usr/local/apache2_debug/conf/ssl-cert-snakeoil.key
DocumentRoot /usr/local/apache2_debug/3
</VirtualHost>

<VirtualHost 127.0.0.1:443>
ServerEnvironment lazy lazy

ServerName test.localhost

SslEngine on
SSLCertificateFile /usr/local/apache2_debug/conf/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /usr/local/apache2_debug/conf/ssl-cert-snakeoil.key
DocumentRoot /usr/local/apache2_debug/4
</VirtualHost>

-- 
Michał Grzędzicki
-------------- next part --------------
A non-text attachment was scrubbed...
Name: httpd-2.0.61-peruser-0.3.0-namevirtualhost_ssl.patch
Type: text/x-diff
Size: 2034 bytes
Desc: not available
Url : http://www.telana.com/pipermail/peruser/attachments/20071212/2996360a/attachment.bin 


More information about the Peruser mailing list