
Bug#533757: apache2: ports.conf should not say name-based SSL virtual hosts are not supported



Package: apache2.2-common
Version: 2.2.9-10+lenny3
Severity: wishlist
Tags: patch

/etc/apache2/ports.conf says:
<IfModule mod_ssl.c>
    # SSL name based virtual hosts are not yet supported, therefore no
    # NameVirtualHost statement here
    Listen 443
</IfModule>

But name-based SSL virtual hosts are actually supported. What is not supported is having several certificates: the first one is always presented because, at this moment, the server does not know which virtual host to serve.

I suggest this modification, to let the user know the advantages and disadvantages of using name-based or address-based virtual hosts:
<IfModule mod_ssl.c>
    # SSL name based virtual hosts will all use the first certificate declared.
    # Further certificate declarations are simply ignored, so you should use
    # either certificates with wildcards or alternative names (SubjectAltName),
    # or address-based virtual hosts.
    NameVirtualHost *:443
    Listen 443
</IfModule>

-- Package-specific info:
List of enabled modules from 'apache2 -M':
  alias auth_basic authn_file authz_default authz_groupfile
  authz_host authz_user autoindex cgi dir env mime negotiation php5
  setenvif status userdir

-- System Information:
Debian Release: 5.0.1
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apache2 depends on:
ii  apache2-mpm-prefork      2.2.9-10+lenny3 Apache HTTP Server - traditional n

apache2 recommends no packages.

apache2 suggests no packages.

Versions of packages apache2.2-common depends on:
ii  apache2-utils       2.2.9-10+lenny3      utility programs for webservers
ii  libapr1             1.2.12-5             The Apache Portable Runtime Librar
ii  libaprutil1         1.2.12+dfsg-8+lenny2 The Apache Portable Runtime Utilit
ii  libc6               2.7-18               GNU C Library: Shared libraries
ii  libmagic1           4.26-1               File type determination library us
ii  libssl0.9.8         0.9.8g-15+lenny1     SSL shared libraries
ii  lsb-base            3.2-20               Linux Standard Base 3.2 init scrip
ii  mime-support        3.44-1               MIME files 'mime.types' & 'mailcap
ii  net-tools           1.60-22              The NET-3 networking toolkit
ii  perl                5.10.0-19            Larry Wall's Practical Extraction 
ii  procps              1:3.2.7-11           /proc file system utilities
ii  zlib1g              1:1.2.3.3.dfsg-12    compression library - runtime

-- no debconf information
--- ports.conf.old	2009-06-20 12:04:45.000000000 +0200
+++ ports.conf	2009-06-20 12:09:00.000000000 +0200
@@ -9,7 +9,10 @@
 Listen 80
 
 <IfModule mod_ssl.c>
-    # SSL name based virtual hosts are not yet supported, therefore no
-    # NameVirtualHost statement here
+    # SSL name based virtual hosts will all use the first certificate declared.
+    # Further certificate declarations are simply ignored, so you should use
+    # either certificates with wildcards or alternative names (SubjectAltName),
+    # or address-based virtual hosts.
+    NameVirtualHost *:443
     Listen 443
 </IfModule>
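
Review bot: the added `NameVirtualHost *:443` line makes this more than a comment correction, because the directive is shipped enabled, while the old file deliberately declared none for port 443. Consider shipping it commented out, or saying in the comment that name-based matching on 443 is now on by default, so the change in behaviour is visible to whoever merges the new ports.conf. The new comment could also spell out what "simply ignored" means for a visitor: a virtual host whose name is not in the first certificate is still served with that certificate, so the client gets a name mismatch for it.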

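
The report's point is that every name-based virtual host on *:443 is served with the first certificate declared, so that certificate has to cover every ServerName through a wildcard or SubjectAltName entries. The check below is an added example, not part of the original report or of the Apache packaging: it assumes the certificate's DNS names have already been extracted, and all hostnames in it are constructed.

```python
# Added example: list the name-based SSL vhosts that the first declared
# certificate does NOT cover. All hostnames below are constructed samples.


def name_matches(pattern, host):
    """Match one certificate DNS name against a hostname.

    A wildcard is honoured only as the entire left-most label and stands
    for exactly one label, so *.example.org covers mail.example.org but
    neither example.org nor a.b.example.org.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as "*.org".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def uncovered_vhosts(first_cert_names, server_names):
    """Return the ServerNames for which clients would see a name mismatch."""
    return [
        name for name in server_names
        if not any(name_matches(n, name) for n in first_cert_names)
    ]


# Names carried by the first certificate (subject CN plus SubjectAltName).
FIRST_CERT_NAMES = ["www.example.org", "*.example.org", "shop.example.net"]

# ServerName of each <VirtualHost *:443> block, in declaration order.
VHOSTS = [
    "www.example.org", "mail.example.org", "example.org",
    "a.b.example.org", "shop.example.net", "www.example.net",
]

if __name__ == "__main__":
    for name in uncovered_vhosts(FIRST_CERT_NAMES, VHOSTS):
        print("first certificate does not cover:", name)
```

Any name this reports needs either an extra SubjectAltName entry in the first certificate or its own address-based virtual host.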