Opened 7 years ago

Last modified 7 years ago

#21 new defect

SNI vhost selection fails intermittently

Reported by: Daniel Kahn Gillmor Owned by: Daniel Kahn Gillmor
Priority: major Component: code
Version: 5.11 Keywords: sni vhost test-needed mod_proxy


jomat reports some problems with the server at it has a single IPv4 address, with several name-based vhosts. the default vhost is other distinct vhosts include and They use SNI to distinguish them.

Using mod_gnutls 0.5.10+lots of git revisions (close to what i'm hoping will be the 0.6 release), against gnutls 3.2.4-4 and apache 2.4.6-3, when the server starts up, everything is fine.

then, after a little while, sometimes selection via SNI starts to fail, and the default certificate is presented instead.

We haven't been able to track down what causes it yet.

It happens regardless of whether one is using openssl s_client or refreshing a web page.

we probably need a test for this.

Change History (1)

comment:1 Changed 7 years ago by Daniel Kahn Gillmor

Keywords: mod_proxy added

jomat adds:

17:50 < jomat> I have never seen the problem on other vhosts than and
17:50 < jomat> and these are the only two vhosts using mod_proxy
Version 0, edited 7 years ago by Daniel Kahn Gillmor (next)
Note: See TracTickets for help on using tickets.