[mod_gnutls-devel] [gnutls-help] need help with SNI

Olaf Zaplinski olaf at zaplinski.de
Wed Apr 9 23:47:35 CEST 2014

Am 09.04.2014 23:31, schrieb Daniel Kahn Gillmor:
> On 04/09/2014 10:55 AM, Olaf Zaplinski wrote:
>> I have a problem with SNI.
>> I have 3 name based vhosts with GnuTLS.
> I think you're stalking about apache with mod_gnutls.


> I'm sending this response to mod_gnutls-devel at lists.gnutls.org since
> that's a better place for apache-related mod_gnutls questions.  please
> follow up there.

OK. But I will keep this list on CC, ok?

> it does sound like there might be an SNI matching issue that we could
> tighten up (presumably we'd want to take the most-specific match
> possible, rather than the first-matching cert).

I found a blog mentioning that GnuTLS has problems with subjectAltName:


Sounds like my problem: GnuTLS chooses the "wrong" certificate.


More information about the mod_gnutls-devel mailing list