[gnutls-help] [mod_gnutls-devel] need help with SNI
Benny Baumann
BenBE1987 at gmx.net
Thu Apr 10 08:36:04 CEST 2014
Hi Olaf,
Am 09.04.2014 23:47, schrieb Olaf Zaplinski:
> Am 09.04.2014 23:31, schrieb Daniel Kahn Gillmor:
>> On 04/09/2014 10:55 AM, Olaf Zaplinski wrote:
>>> I have a problem with SNI.
>>>
>>> I have 3 name based vhosts with GnuTLS.
>>
>> I think you're stalking about apache with mod_gnutls.
>
> Correct.
>
>> I'm sending this response to mod_gnutls-devel at lists.gnutls.org since
>> that's a better place for apache-related mod_gnutls questions. please
>> follow up there.
>
> OK. But I will keep this list on CC, ok?
>
>> it does sound like there might be an SNI matching issue that we could
>> tighten up (presumably we'd want to take the most-specific match
>> possible, rather than the first-matching cert).
>
> I found a blog mentioning that GnuTLS has problems with subjectAltName:
>
> http://jan-krueger.net/development/mod_gnutls-and-startssl-level-1-certificates-the-problem-and-solution
>
>
> Sounds like my problem: GnuTLS chooses the "wrong" certificate.
Could you please check if you can install the latest mod_gnutls from
trunk? Some issues with VHosts were fixed with 0.6 but being
bleeding-edge might be worth a try.
>
> Olaf
>
Regards,
BenBE.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140410/d25265c1/attachment.sig>
More information about the Gnutls-help
mailing list