apache-virtualhost a SSL

[Petr Novotny]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 18 Jan 00, at 10:35, Jan Satko wrote:
> Certifikat davam co vygenerovany cez apache. A kontroluje si
> meno-servera, nie ip-adresu. Na viac ip-adresach to funguje, len by
> som to chcel prave na jednej.

Doporucuji se precist FAQ od mod_ssl (www.modssl.org), zvlast, 
kdyz mate problemy s mod_ssl. Cituji:


> Why can't I use SSL with name-based/non-IP-based virtual hosts?
> [L]
> The reason is very technical. Actually it's some sort of a chicken and
> egg problem: The SSL protocol layer stays below the HTTP protocol
> layer and encapsulates HTTP. When an SSL connection (HTTPS) is
> established Apache/mod_ssl has to negotiate the SSL protocol
> parameters with the client. For this mod_ssl has to consult the
> configuration of the virtual server (for instance it has to look for
> the cipher suite, the server certificate, etc.). But in order to
> dispatch to the correct virtual server Apache has to know the Host
> HTTP header field. For this the HTTP request header has to be read.
> This cannot be done before the SSL handshake is finished. But the
> information is already needed at the SSL handshake phase. Bingo! 

Takze to proste _nejde_ a basta.

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2 -- QDPGP 2.60 
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBOIRE6VMwP8g7qbw/EQKFFQCgteNnKCStHtOzXlep3S/cmEJXUW8AnjRa
dn94rus3uDfDRN8ClKW5kIvY
=ZU1T
-----END PGP SIGNATURE-----
--
Petr Novotny, ANTEK CS
Petr.Novotny na antek.cz
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
                                                             [Tom Waits]