
Re: add mod_ssl to apache under RH 7.2



So, would I be correct to say that one could do port-based hosting like:

https://real-host.tld:449/
https://name-based-host00.tld:44900/
https://name-based-host01.tld:44901/
https://name-based-host02.tld:44902/
...
and so on...

or simply have Apache make the "secure" 3ld point to port 44900 on the 
IP address of name-based-host.tld, thus becoming:

https://secure.real-host.tld/
https://secure.name-based-host00.tld/
https://secure.name-based-host01.tld/
https://secure.name-based-host02.tld/
...

which is exactly what I want?

Also, how much of a problem would there be with using 449nn unprivileged
ports with SSL?

Michael


--- Ed Wilts <ewilts ewilts org> wrote:
> On Tue, Mar 26, 2002 at 09:25:28AM -0800, Michael Oatman wrote:
> > I found somewhere that SSL does not do name-based virtual hosts.
> > 
> > If anyone has a way around this limitation, other than say,
> > https://secure.domain.tld/name-based_host/ please LMK.
> 
> I believe that the reason it doesn't work is that the data is encrypted.
> That means that you won't ever see a workaround...  Similarly, ftp/tls won't 
> work over most firewalls since the embedded PORT commands are encrypted and the
> firewall can't figure out which port you want to open.
> 
> -- 
> Ed Wilts, Mounds View, MN, USA
> mailto:ewilts ewilts org
> 

hmmmmmmmm....

--- David Talkington <dtalk prairienet org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Mike Burger wrote:
> 
> >To my knowledge, there is no way around it.  Currently, secure certs are 
> >issued for specific IPs.  You can't really have more than one site with 
> >the same IP and expect the certs to work properly.
> 
> Right.  
> 
> This snip is from misc openbsd, and is credited to Ben Laurie from the
> Apache-SSL list:
> 
> `The issue is that the certificate presented by the server can only be
> selected on the basis of stuff that's known as soon as the socket is  
> connected (i.e. before any data exchange). The only useful information
> available is the server IP and port number, so in order to present the
> right certificate, you need a unique IP/port for each secure server.'
> 
> - -d
> 
> - -- 
> David Talkington
> 

Ah.... I see....
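
The port-per-site layout asked about above, written out as an added configuration example (not part of the original thread): each SSL virtual host gets its own IP/port pair, so the server can choose the certificate from the connected socket alone, as the Ben Laurie quote describes. The certificate, key and DocumentRoot paths are assumptions.

```apache
# Added illustration, not from the thread. All file paths are assumed.
# One listening port per secure site on the same IP address.
# Ports above 1023 are unprivileged: any local user can bind one while
# httpd is not holding it, so these ports deserve monitoring.
Listen 44900
Listen 44901
Listen 44902

# The certificate is selected by the port the client connected to,
# before any request data (such as a Host header) has been exchanged.
<VirtualHost *:44900>
    ServerName name-based-host00.tld
    DocumentRoot /var/www/host00
    SSLEngine on
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/host00.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/host00.key
</VirtualHost>

<VirtualHost *:44901>
    ServerName name-based-host01.tld
    DocumentRoot /var/www/host01
    SSLEngine on
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/host01.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/host01.key
</VirtualHost>

<VirtualHost *:44902>
    ServerName name-based-host02.tld
    DocumentRoot /var/www/host02
    SSLEngine on
    SSLCertificateFile    /etc/httpd/conf/ssl.crt/host02.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/host02.key
</VirtualHost>
```

Clients reach each site as https://name-based-host00.tld:44900/ and so on; the port must appear in the URL because only port 443 is implied by https.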

