lighttpd SNI wrong cert

Пн Май 10 22:15:20 BST 2010


On Tue, 11 May 2010 00:56:47 +0400, п■п╣п╫п╦я│ п⌠п╬п╫я┤п╟я─п╬п╡ wrote:  

п║ п╡п╣я─я│п╦п╦
1.4.24, я┐ lighttpd п©п╬я▐п╡п╦п╩п╟я│я▄ п╡п╬п╥п╪п╬п╤п╫п╬я│я┌я▄ п╬п╠я─п╟п╠п╟я┌я▀п╡п╟я┌я▄ п╥п╟п©я─п╬я│я▀ п╬ я┘п╬я│я┌п╣
п╨п╬я┌п╬я─я▀п╧ я┘п╬я┤п╣я┌ п©п╬п╩я┐я┤п╦я┌я▄ п╨п╩п╦п╣п╫я┌, п╢п╩я▐ я─п╟п╥п╢п╣п╩п╣п╫п╦я▐ SSL я│п╣я─я┌п╦я└п╦п╨п╟я┌п╬п╡... (SNI) п≤
п╬я┤п╣п╫я▄ я┤п╟я│я┌п╬ п╡п╪п╣я│я┌п╬ я│п╣я─я┌п╦я└п╦п╨п╟я┌ п╢п╩я▐ subdomain.domain.ru п©п╬п╢я│я┌п╟п╡п╩я▐п╣я┌я│я▐
я│п╣я─я┌п╦я└п╦п╨п╟я┌ domain2.ru п╨ п©я─п╦п╪п╣я─я┐... п÷п╬я┌п╬п╪ п╣я│п╩п╦ п╬п╠п╫п╬п╡п╦я┌я▄ п╫п╣я│п╨п╬п╩я▄п╨п╬ я─п╟п╥ п╡
п╠я─п╟я┐п╥п╣я─п╣ я│я┌я─п╟п╫п╦я├я┐, я┌п╬ п╡я▀п╡п╟п╩п╦п╡п╟п╣я┌я│я▐ я│п╣я─я┌п╦я└п╦п╨п╟я┌ п╢п╩я▐ п╫я┐п╤п╫п╬пЁп╬ я│п╟п╧я┌п╟... п 
я│п╬п╤п╟п╩п╣п╫п╦я▌ п╡ я│п╣я┌п╦ п╫п╣ я┌п╟п╨ п╪п╫п╬пЁп╬ п╦п╫я└п╬я─п╪п╟я├п╦п╦ п╫п╟ я│п╣п╧ я│я┤п╣я┌, п╟ п╡п╣я─я│п╦я▐
lighttpd(ppa) п©п╬я│п╩п╣п╢п╫я▐я▐, я│я┌п╟п╡п╦п╩ : server.max-keep-alive-requests = 0 п╪п╟п╩п╬
п©п╬п╪п╬пЁп╟п╣я┌ п╨п╬п╫я└п╦пЁ п╡я▀пЁп╩я▐п╢п╦я┌ я┌п╟п╨: 

$HTTP["scheme"] =~ "https$"{

server.max-keep-alive-requests = 0
}  

-- 

///////////////////////////////////////////////////
 // With Best Regard's
Goncharov Denis //
//////////////////////////////////////////////////

####
SSL engine
#$SERVER["socket"] == "0.0.0.0:443" {
# ssl.engine = "enable"
#
ssl.pemfile = "/etc/lighttpd/lighttpd.pem"
$HTTP["host"] =~
"(^|www.|!mail.|!blog.)domain1.ru" {
# ssl.pemfile =
"/etc/lighttpd/ssl/www/www.pem"
# ssl.ca-file =
"/etc/lighttpd/ssl/www/ca.pem"
# server.document-root=
"/var/www/domain1.ru/"
#} else $HTTP["host"] =~
"^mail(.domain1.ru|.domain2.com|.domain3.net)" {
# ssl.pemfile =
"/etc/lighttpd/ssl/mail/mail.pem"
# ssl.ca-file =
"/etc/lighttpd/ssl/mail/ca.pem"
# server.document-root= "/var/www/mail/"
#}
else $HTTP["host"] =~ "(^!|!www.|!mail.|blog.)domain1.ru" {
# ssl.pemfile =
"/etc/lighttpd/ssl/www/blog.pem"
# ssl.ca-file =
"/etc/lighttpd/ssl/www/ca.pem"
# server.document-root=
"/var/www/domain1.ru/blog/"
} else $HTTP["host"] =~
"(^|www.|!speedtest.|!mail.)domain3.net" {
# ssl.pemfile =
"/etc/lighttpd/ssl/www/domain3.net.pem"
# ssl.ca-file =
"/etc/lighttpd/ssl/www/ca.pem"
# server.document-root=
"/var/www/domain3.net/"
#}
#server.errorlog =
"/var/log/lighttpd/serror.log"
#accesslog.filename =
"/var/log/lighttpd/saccess.log"
#}  

-- 

///////////////////////////////////////////////////
 // With Best Regard's
Goncharov Denis //
//////////////////////////////////////////////////
 
----------- следущая часть -----------
п▓п╩п╬п╤п╣п╫п╦п╣ п╡ я└п╬я─п╪п╟я┌п╣ HTML п╠я▀п╩п╬ п╦п╥п╡п╩п╣я┤п╣п╫п╬&hellip;
URL: https://lists.ubuntu.com/archives/ubuntu-ru/attachments/20100511/8dce676f/attachment.htm