Bug#485635: apache2-mpm-prefork: Incorrect warning with wildcard ssl certificates
Package: apache2-mpm-prefork
Version: 2.2.3-4+etch4
Severity: minor
There seems to be a bug in the matching code to decide if the certificate
matches the vhost name. In my log files, I'm getting logs of incorrect
warnings of the form:
[warn] RSA server certificate CommonName (CN) `*.example.com' does NOT
match server name!?
In one particular case, I have:
ServerName fluffy.torchbox.com
subject= /C=UK/ST=Oxfordshire/L=Oxford/O=Torchbox/OU=Web
Servers/CN=*.torchbox.com
But still get the warning:
[warn] RSA server certificate CommonName (CN) `*.torchbox.com' does
NOT match server name!?
So it looks like the checking code is incorrect
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable'), (200, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.24-1-686
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
Versions of packages apache2-mpm-prefork depends on:
ii apa 2.2.3-4+etch4 Next generation, scalable, extenda
ii lib 1.2.7-8.2 The Apache Portable Runtime Librar
ii lib 1.2.7+dfsg-2 The Apache Portable Runtime Utilit
ii lib 2.7-10 GNU C Library: Shared libraries
ii lib 4.4.20-8 Berkeley v4.4 Database Libraries [
ii lib 1.95.8-3.4 XML parsing C library - runtime li
ii lib 2.1.30-13.3 OpenLDAP libraries
ii lib 7.4-1 Perl 5 Compatible Regular Expressi
ii lib 8.1.11-0etch1 PostgreSQL C client library
ii lib 3.3.8-1.1 SQLite 3 shared library
ii lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 universally unique id library
apache2-mpm-prefork recommends no packages.
-- no debconf information
Reply to: