apache mod_ssl and virtualhosting (fwd)

Christos Ricudis ricudis at paiko.gr
Wed Mar 20 00:46:00 EET 2002


On Tue, 19 Mar 2002, Super-User wrote:

>>> I'm trying to set up a web server with name-based virtual hosting; what
>>> I haven't managed to do is use different certificates, one for each
>>> site. Apache always sends one of them, resulting in the annoying
>>> warning that Common Name and Server Name don't match.
>>
>>If you find out how it's done, tell it also to the idiots who in the year
>>[199*, 200*] thought up a [1] SSL encapsulation method for HTTP, incapable
>>of supporting name-based virtual hosts.
>
>I haven't looked into SSL deeply enough to be able to understand why it
>doesn't support name-based virtual hosts; with the little I know, it
>seems really stupid to me. In any case, giving a different port to each
>vhost with SSL works just fine (which makes me wonder where the sticking
>point would be if I used only one port).

(ricudiis at paiko.gr with two i's is a spam trap; good thing I read it
once in a while. My mail is ricudis at paiko.gr)

The problem with the common SSL wrapping trick is that the certificate
must be known at TCP connection establishment. At that stage of the
connection, however, it is not known which virtual host the HTTP request
is addressed to (the information is in the HTTP header). I assume (I
haven't dealt much with SSL) that something like this could be achieved
using some STARTTLS-like mechanism, in which the SSL session starts at a
later stage of the connection, after enough higher-layer information has
been exchanged for it to be able to figure out which certificate to
choose.

Giving a different port to each vhost with SSL solves this problem, but
creates another one for you: most squid proxies are configured to forbid
connections to arbitrary ports (among other things, so that squid isn't
used as a generic TCP proxy). So many people simply can't see your site
(and you never realize it).

-- 
Christos Ricudis

ric-NOSPAM-udis at paiko.gr			Remove -NOSPAM- to reply
spamoula at paiko.gr				Send your spam here
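
Added example, not part of the original message: a small Python model of the ordering problem described above, where the certificate is picked from the local IP:port alone and the Host header is only readable afterwards. The host names, the 192.0.2.10 address, port 8443 and the proxy's allowed-port set are assumptions made for illustration.

```python
# Model of pre-handshake certificate selection. All hosts, addresses and ports
# below are constructed sample data, not taken from the post.

SQUID_SSL_PORTS = {443, 563}  # assumption: a typical squid CONNECT allow-list


def cert_for_connection(vhosts, local_addr):
    """Pick a certificate the way the server must at handshake time:
    only the local (ip, port) is known, so the first vhost bound to it wins."""
    for vhost in vhosts:
        if vhost["listen"] == local_addr:
            return vhost["cert_cn"]
    return None


def host_header(raw_request):
    """Extract the Host header, which exists only after the SSL session is up."""
    for line in raw_request.split("\r\n")[1:]:
        if not line:
            break  # end of headers
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return value.strip().split(":")[0]  # drop any :port suffix
    return None


def visit(vhosts, local_addr, raw_request, via_squid=False):
    """Return what a browser experiences for one HTTPS request."""
    if via_squid and local_addr[1] not in SQUID_SSL_PORTS:
        return "blocked by proxy"
    cn = cert_for_connection(vhosts, local_addr)
    host = host_header(raw_request)
    return "ok" if cn == host else f"warning: cert CN {cn} != {host}"


IP = "192.0.2.10"
SHARED_PORT = [  # name-based: both sites on the same IP:port
    {"listen": (IP, 443), "cert_cn": "a.example"},
    {"listen": (IP, 443), "cert_cn": "b.example"},
]
PORT_PER_VHOST = [  # the workaround: one port per SSL vhost
    {"listen": (IP, 443), "cert_cn": "a.example"},
    {"listen": (IP, 8443), "cert_cn": "b.example"},
]
REQ_B = "GET / HTTP/1.1\r\nHost: b.example\r\n\r\n"
REQ_B_8443 = "GET / HTTP/1.1\r\nHost: b.example:8443\r\n\r\n"

if __name__ == "__main__":
    print(visit(SHARED_PORT, (IP, 443), REQ_B))
    print(visit(PORT_PER_VHOST, (IP, 8443), REQ_B_8443))
    print(visit(PORT_PER_VHOST, (IP, 8443), REQ_B_8443, via_squid=True))
```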




More information about the Linux-greek-users mailing list