Bug#533757: apache2: ports.conf should not say name-based SSL virtual hosts are not supported
Package: apache2.2-common
Version: 2.2.9-10+lenny3
Severity: wishlist
Tags: patch
/etc/apache2/ports.conf says:
<IfModule mod_ssl.c>
# SSL name based virtual hosts are not yet supported, therefore no
# NameVirtualHost statement here
Listen 443
</IfModule>
But name-based SSL virtual hosts are actually supported. What is not supported is having several certificates: the first one is always presented, as, at this moment, the server does not know which virtual host to serve.
I suggest this modification, to let the user know the advantages and disadvantages of using name-based or address-based virtual hosts:
<IfModule mod_ssl.c>
# SSL name based virtual hosts will all use the first certificate declared.
# Further certificate declarations are simply ignored, so you should use
# either certificates with wildcards or alternative names (SubjectAltName),
# or address-based virtual hosts.
NameVirtualHost *:443
Listen 443
</IfModule>
-- Package-specific info:
List of enabled modules from 'apache2 -M':
alias auth_basic authn_file authz_default authz_groupfile
authz_host authz_user autoindex cgi dir env mime negotiation php5
setenvif status userdir
-- System Information:
Debian Release: 5.0.1
APT prefers stable
APT policy: (990, 'stable'), (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages apache2 depends on:
ii apache2-mpm-prefork 2.2.9-10+lenny3 Apache HTTP Server - traditional n
apache2 recommends no packages.
apache2 suggests no packages.
Versions of packages apache2.2-common depends on:
ii apache2-utils 2.2.9-10+lenny3 utility programs for webservers
ii libapr1 1.2.12-5 The Apache Portable Runtime Librar
ii libaprutil1 1.2.12+dfsg-8+lenny2 The Apache Portable Runtime Utilit
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libmagic1 4.26-1 File type determination library us
ii libssl0.9.8 0.9.8g-15+lenny1 SSL shared libraries
ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip
ii mime-support 3.44-1 MIME files 'mime.types' & 'mailcap
ii net-tools 1.60-22 The NET-3 networking toolkit
ii perl 5.10.0-19 Larry Wall's Practical Extraction
ii procps 1:3.2.7-11 /proc file system utilities
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
-- no debconf information
--- ports.conf.old 2009-06-20 12:04:45.000000000 +0200
+++ ports.conf 2009-06-20 12:09:00.000000000 +0200
@@ -9,7 +9,10 @@
Listen 80
<IfModule mod_ssl.c>
- # SSL name based virtual hosts are not yet supported, therefore no
- # NameVirtualHost statement here
+ # SSL name based virtual hosts will all use the first certificate declared.
+ # Further certificate declarations are simply ignored, so you should use
+ # either certificates with wildcards or alternative names (SubjectAltName),
+ # or address-based virtual hosts.
+ NameVirtualHost *:443
Listen 443
</IfModule>
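Review bot: The new comment says "the first certificate declared" without saying what makes a certificate the first one; wording such as "the certificate of the first virtual host defined for *:443" would tell the administrator which declaration wins. It would also help to state the visible consequence, namely that clients requesting any other name get a hostname mismatch unless that certificate covers the name. Separately, the added "NameVirtualHost *:443" line changes the shipped configuration and not just its comment, so it deserves its own mention in the changelog entry.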
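Added example (not part of the original report or of the Apache or Debian packaging): a check, following the report's advice to use wildcard or SubjectAltName certificates, that lists which name-based virtual hosts sharing *:443 are not covered by the first certificate. The host names and SAN entries are constructed sample values, and the function names are hypothetical.

```python
# Added example: which name-based vhosts on *:443 are covered by the
# first certificate? All names and SAN entries below are constructed.

def san_matches(pattern: str, host: str) -> bool:
    """Match one dNSName SAN entry against a hostname.

    A wildcard is honoured only as the whole leftmost label and covers
    exactly one label, so *.example.org matches www.example.org but
    neither example.org nor a.b.example.org. Wildcards directly under a
    top-level label (such as *.com) are rejected as too broad.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def uncovered_vhosts(first_cert_sans, server_names):
    """Return the ServerNames that the first certificate does not cover.

    Clients asking for these names still receive the first certificate
    and will report a hostname mismatch.
    """
    return [name for name in server_names
            if not any(san_matches(s, name) for s in first_cert_sans)]


# Constructed sample: SAN list of the first certificate declared, and the
# ServerName of every name-based virtual host sharing *:443.
FIRST_CERT_SANS = ["example.org", "*.example.org", "shop.example.net"]
SERVER_NAMES = ["example.org", "www.example.org", "shop.example.net",
                "mail.dev.example.org", "www.example.net"]

if __name__ == "__main__":
    for name in uncovered_vhosts(FIRST_CERT_SANS, SERVER_NAMES):
        print(f"{name}: not covered by the first certificate")
```

Hosts reported by this check need either an added SubjectAltName entry in the first certificate or an address-based virtual host of their own.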