benluteijn / cherokee

Automatically exported from code.google.com/p/cherokee

SSL and multiple Virtual Servers #145

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
When I have many Virtual Servers I have to configure SSL on all servers,
because when one VS doesn't have SSL, the others don't have it either.

So there is no possibility to configure some Servers with SSL and some
without it.

Version from SVN

Original issue reported on code.google.com by pig...@gmail.com on 7 Oct 2008 at 10:40

GoogleCodeExporter commented 9 years ago
What would happen when a virtual server receives an HTTPS request if it has not been configured to handle SSL/TLS?

Original comment by alobbs on 8 Oct 2008 at 7:24

GoogleCodeExporter commented 9 years ago
Nothing.

Just a normal HTTP error. It looks like Cherokee cannot handle any HTTPS request.

Original comment by pig...@gmail.com on 8 Oct 2008 at 10:28

GoogleCodeExporter commented 9 years ago
Normal HTTP error over the SSL channel using the default key?  A normal HTTP error dropped into the socket ignoring whether it is SSL/TLS or not?  It isn't as obvious as it might look.

Original comment by alobbs on 8 Oct 2008 at 10:35

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
A normal HTTP error that informs about a failed connection. The same as when I try to access SSL/TLS without enabling it.

Original comment by pig...@gmail.com on 8 Oct 2008 at 11:21

GoogleCodeExporter commented 9 years ago
So, that is... writing a plain HTTP response and HTML error message as part/reply to an ongoing SSL/TLS handshake?

It doesn't sound right to me, although, quite frankly, I have no idea what is the right thing to do here.

Original comment by alobbs on 8 Oct 2008 at 12:58

GoogleCodeExporter commented 9 years ago
Most web servers just give an error if you try to access a virtualhost with https and it doesn't serve that particular vhost with https.

I spent two days browsing the source, going on wild goose chases to figure this out :(

Thanks to the submitter for figuring this out.

/me feels dumb

Original comment by johnnyop...@gmail.com on 8 Oct 2008 at 10:47

GoogleCodeExporter commented 9 years ago

Original comment by alobbs on 2 Dec 2008 at 6:01

GoogleCodeExporter commented 9 years ago
The default behavior has changed in the latest stable release:

- If TLS SNI is sent by the client, the right certificate will be used.
- If not so, the "default" certificate is used.

The TLS/SSL support is activated if just a single virtual server sets a certificate.

Pigmej and Johnny, thanks for reporting and following up this issue. :-)

Original comment by alobbs on 5 Dec 2008 at 9:07