
Re: [Debconf-team] error wiki.dc.org with https -> dc7



Hi there.

On Feb 14 2011, Holger Levsen wrote:
> On Sonntag, 13. Februar 2011, Joerg Jaspert wrote:
> > Not a bug, exactly as configured.
> > debconf7.debconf.org has same IP and it's using ssl
> 
> why is it configured like this?

Without both the client and server side using an extension to SSL called
SNI, when multiple virtual domains are configured on the same IP address,
we have a chicken-and-egg problem:

1 - the client resolves the DNS of the server to know where it has to
    connect.
2 - it then proceeds to contact the server, but it has to get the server's
    certificate for the connection to be authenticated and encrypted (the
    certificates only contain names/wildcards, not IP addresses).
3 - the problem: what certificate should it grab from a server hosting
    multiple virtual hosts?

Here is some information from the Apache project:

    https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

BTW, there is a very nice packaged extension for enforcing HTTPS in many
places that you can grab from here:

    https://launchpad.net/~rbrito/+archive/ppa/+packages

Sponsorship to the main is gladly accepted. :-)

OK. Sorry for the off-topic message and back to our scheduled discussions.
:-)


Regards,

-- 
Rogério Brito : rbrito@{ime.usp.br,gmail.com} : GPG key 4096R/BCFCAAAA
http://rb.doesntexist.org : Packages for LaTeX : algorithms.berlios.de
DebianQA: http://qa.debian.org/developer.php?login=rbrito%40ime.usp.br
