
Mailing List Archive: Cherokee: users

SSL IP VHosts without SNI

 

 



bluedragonx at gmail

Sep 24, 2009, 1:23 PM

Post #1 of 5 (645 views)
SSL IP VHosts without SNI

Hello, I've been researching Cherokee as a potential alternative to Apache
for a major installation I support. One of the requirements we have is
multiple IP-based SSL vhosts without the use of SNI.

I've configured my test server with two IP addresses. Cherokee is set to
listen on all IP addresses by default. I have created two virtual hosts
using the Server IP host matching method and assigned two different SSL
certs to those vhosts. However, no matter which vhost I access I
always receive the SSL cert for the first vhost.

Is it not possible to do IP based SSL vhosts without SNI? Does Cherokee
only support SNI for multiple vhosts? Or am I doing something wrong?

Thanks,
Ryan


stefan at konink

Sep 24, 2009, 1:28 PM

Post #2 of 5 (604 views)
Re: SSL IP VHosts without SNI [In reply to]


Ryan Bourgeois wrote:
> Is it not possible to do IP based SSL vhosts without SNI? Does Cherokee
> only support SNI for multiple vhosts? Or am I doing something wrong?

Works only by starting different Cherokee instances :) With binds to the
different IPs.

Stefan
_______________________________________________
Cherokee mailing list
Cherokee [at] lists
http://lists.octality.com/listinfo/cherokee


bluedragonx at gmail

Sep 24, 2009, 1:35 PM

Post #3 of 5 (603 views)
Re: SSL IP VHosts without SNI [In reply to]

Stefan.
That seems rather excessive and less than ideal. It would make managing our
installation a nightmare - currently we have about 120 different SSL enabled
vhosts.
Are there any sort of plans to develop this functionality (I didn't see
anything perusing the bug tracker)? If not, I may look into it myself and
submit a patch, if I find time.

This is the only barrier preventing me from making a push to replace Apache
with Cherokee.

Thanks,
Ryan

On Thu, Sep 24, 2009 at 3:28 PM, Stefan de Konink <stefan [at] konink> wrote:

> Ryan Bourgeois wrote:
> > Is it not possible to do IP based SSL vhosts without SNI? Does Cherokee
> > only support SNI for multiple vhosts? Or am I doing something wrong?
>
> Works only by starting different Cherokee instances :) With binds to the
> different IPs.
>
> Stefan


stefan at konink

Sep 24, 2009, 1:37 PM

Post #4 of 5 (611 views)
Re: SSL IP VHosts without SNI [In reply to]


Ryan Bourgeois wrote:
> That seems rather excessive and less than ideal.

That is the way it is now. RFE, or get a support contract ;)

Stefan


bluedragonx at gmail

Sep 25, 2009, 9:00 AM

Post #5 of 5 (613 views)
Re: SSL IP VHosts without SNI [In reply to]

I've submitted a patch for this functionality to the dev list.
-Ryan

On Thu, Sep 24, 2009 at 3:37 PM, Stefan de Konink <stefan [at] konink> wrote:

> Ryan Bourgeois wrote:
> > That seems rather excessive and less than ideal.
>
> That is the way it is now. RFE, or get a support contract ;)
>
> Stefan
>
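
Why IP-based SSL vhosts need no SNI, as an added example (not Cherokee's code and not the patch mentioned in the thread): the address a client connected to can be read from the accepted socket with getsockname() before any TLS bytes arrive, so one wildcard listener can choose the certificate per IP. The VHost names, certificate paths and loopback addresses are constructed placeholders.

```python
import ipaddress
import socket
import ssl
from dataclasses import dataclass

@dataclass(frozen=True)
class VHost:
    name: str
    certfile: str  # hypothetical path
    keyfile: str   # hypothetical path

def local_ip(conn):
    """Address the client connected to, read from the accepted socket."""
    ip = ipaddress.ip_address(conn.getsockname()[0])
    # A dual-stack listener reports IPv4 clients as ::ffff:a.b.c.d.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return str(ip)

def select_vhost(conn, vhosts):
    """Return the vhost for this connection's local IP, or None (fail closed:
    a fallback to the first vhost would present the wrong certificate)."""
    return vhosts.get(local_ip(conn))

def tls_context(vhost):
    """Server context to pass to wrap_socket() once the vhost is chosen."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(vhost.certfile, vhost.keyfile)
    return ctx

def demo(vhosts):
    """One wildcard listener; connect once to each configured address."""
    chosen = {}
    with socket.create_server(("0.0.0.0", 0)) as listener:
        port = listener.getsockname()[1]
        for ip in vhosts:
            with socket.create_connection((ip, port)):
                conn, _ = listener.accept()
                with conn:
                    chosen[ip] = select_vhost(conn, vhosts)
    return chosen

# Constructed sample data: loopback addresses stand in for the two server IPs.
VHOSTS = {
    "127.0.0.1": VHost("site-a.example", "site-a.pem", "site-a.key"),
    "127.0.0.2": VHost("site-b.example", "site-b.pem", "site-b.key"),
}
if __name__ == "__main__":
    print({ip: vhost.name for ip, vhost in demo(VHOSTS).items()})
```

In a server loop the selected vhost would go to `tls_context(vhost).wrap_socket(conn, server_side=True)`, and a `None` result would close the connection without a handshake.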
