caddyserver / certmagic

Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal
https://pkg.go.dev/github.com/caddyserver/certmagic?tab=doc
Apache License 2.0

Apply DefaultServerName more broadly during handshake #287

Closed mholt closed 4 months ago

mholt commented 4 months ago

Currently, we only use DefaultServerName for choosing a certificate. This doesn't make a lot of sense, because if it is set to a name that doesn't have a cert managed for it, it will not be of much use: we'd use the IP address to fill in an empty ServerName when doing logic, but only use DefaultServerName when loading the certs. So things sometimes didn't line up.

This change makes it so that DefaultServerName will always be used as the ServerName when it is empty, meaning that the IP address will never be used as the "name". This is more expected behavior. (So obviously, if you WANT to serve your IP address over TLS, then don't set DefaultServerName.)

This is being deployed soon to a production environment but is so far working well in staging. Likely to be merged into mainstream CM.
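The name resolution this PR describes, as an added illustration in Go that is not certmagic's own code: `Config`, `fakeConn`, `serverNameBefore` and `serverNameAfter` are hypothetical stand-ins for the real handshake logic, and the 203.0.113.10 address is constructed.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"strings"
)

// Config is a stand-in carrying only the field the PR discusses, not certmagic's real type.
type Config struct{ DefaultServerName string }

// fakeConn is a constructed net.Conn whose only usable method is LocalAddr.
type fakeConn struct{ net.Conn; addr net.Addr }

func (c fakeConn) LocalAddr() net.Addr { return c.addr }

// localIP is the IP the client connected to: the old fallback "name" for an empty SNI.
func localIP(hello *tls.ClientHelloInfo) string {
	host, _, err := net.SplitHostPort(hello.Conn.LocalAddr().String())
	if err != nil {
		return hello.Conn.LocalAddr().String()
	}
	return host
}

// serverNameBefore models the pre-PR logic: empty SNI becomes the IP, while cert loading used DefaultServerName.
func serverNameBefore(cfg Config, hello *tls.ClientHelloInfo) string {
	if name := strings.ToLower(hello.ServerName); name != "" {
		return name
	}
	return localIP(hello)
}

// serverNameAfter models the PR: empty SNI becomes DefaultServerName when set, so logic and cert lookup agree.
func serverNameAfter(cfg Config, hello *tls.ClientHelloInfo) string {
	if name := strings.ToLower(hello.ServerName); name != "" {
		return name
	}
	if cfg.DefaultServerName != "" {
		return strings.ToLower(cfg.DefaultServerName)
	}
	return localIP(hello)
}

func main() {
	cfg := Config{DefaultServerName: "example.com"}
	hello := &tls.ClientHelloInfo{Conn: fakeConn{addr: &net.TCPAddr{IP: net.ParseIP("203.0.113.10"), Port: 443}}}
	fmt.Println(serverNameBefore(cfg, hello), "->", serverNameAfter(cfg, hello))
}
```

With no SNI and DefaultServerName set, the old logic resolves to the IP while the new logic resolves to DefaultServerName; leave DefaultServerName empty and both still fall back to the IP.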

mholt commented 4 months ago

Awesome!! I'll merge it in.