Problems finding the correct SSL certificate

Kai
24 September 2014, 17:57
Hi folks,

I am having two virtual hosts configured for my Hiawatha server:
Binding {
    BindingId = external
    Port = 443
    Interface = xx.xx.xx.xx
    ...
    SSLcertFile = /usr/local/etc/hiawatha/general.pem
}

...

VirtualHost {
    Hostname = rsstestfeed.adv-fs.net
    SSLcertFile = /usr/local/etc/hiawatha/rsstestfeed.pem
    WebsiteRoot = /usr/local/var/www/RSS
    StartFile = index.html
    ...
}

VirtualHost {
    Hostname = www.adv-fs.net, *.adv-fs.net
    SSLcertFile = /usr/local/etc/hiawatha/adv-fs.pem
    WebsiteRoot = /usr/local/var/www/advfs
    ...
}

So far, I thought that if I am calling a URL like https://rsstestfeed.adv-fs.net/testXML.xml, the certificate stored in rsstestfeed.pem will be used. If I am calling a URL like https://wiki.adv-fs.net, the certificate saved in adv-fs.pem will be used. If I am calling a URL from any other domain (there are also 5 additional virtual hosts for other domains configured on this Hiawatha server), then the certificate from the file given for the Binding at the top is used.

Unfortunately, the behavior is different from what I expect, because the certificate from adv-fs.pem is used for any sub-domain of adv-fs.net. If I delete the second entry for the Hostname in the lower virtual host (the one with *), then all certificates are used as expected.

What's driving me mad is: how can the entries from the lower virtual host influence the ones from the upper one, and where am I going wrong with my assumptions? Hopefully, someone can switch the light on for me, please.

Many tx.

Cheers

Kai
Hiawatha version: 9.7
Operating System: CentOS 6.5
Hugo Leisink
24 September 2014, 19:22
I think it's due to a bug in the code. Please change the following. Edit src/ssl.c and change line 212 to
    t_sni_list *sni, *last;

and the lines 223 - 225 to
    /* append the new entry at the tail of the SNI list, preserving configuration order */
    sni->next = NULL;

    if (sni_list == NULL) {
        sni_list = sni;
    } else {
        last = sni_list;
        while (last->next != NULL) {
            last = last->next;
        }
        last->next = sni;
    }

Recompile and let me know if this solves your issue.
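To make the ordering problem concrete, here is an added illustration (not Hiawatha's code) of the two adv-fs.net virtual hosts from this thread in a minimal SNI list, built once by pushing new entries onto the head and once by appending at the tail as in the fix above. The wildcard matcher and the function names are assumptions; Hiawatha's own matching rules are not reproduced.

```c
#include <string.h>

/* One SNI entry: a VirtualHost Hostname pattern and its SSLcertFile. */
typedef struct t_sni_list {
    const char *hostname;   /* "rsstestfeed.adv-fs.net" or "*.adv-fs.net" */
    const char *certfile;
    struct t_sni_list *next;
} t_sni_list;

/* Simplified matcher (assumption, not Hiawatha's): exact, or "*." covering one label. */
static int hostname_matches(const char *pattern, const char *host) {
    const char *dot;
    if (strcmp(pattern, host) == 0) return 1;
    if (strncmp(pattern, "*.", 2) != 0 || (dot = strchr(host, '.')) == NULL) return 0;
    return strcmp(dot + 1, pattern + 2) == 0;
}

/* Head insertion: the VirtualHost defined last is consulted first. */
static void sni_add_prepend(t_sni_list **list, t_sni_list *sni) {
    sni->next = *list;
    *list = sni;
}

/* Tail insertion (the patch above): entries are searched in configuration order. */
static void sni_add_append(t_sni_list **list, t_sni_list *sni) {
    t_sni_list *last;
    sni->next = NULL;
    if (*list == NULL) { *list = sni; return; }
    for (last = *list; last->next != NULL; last = last->next) {}
    last->next = sni;
}

/* First match wins; NULL means "fall back to the Binding's SSLcertFile". */
static const char *sni_lookup(const t_sni_list *list, const char *host) {
    for (; list != NULL; list = list->next)
        if (hostname_matches(list->hostname, host)) return list->certfile;
    return NULL;
}

/* Register the two adv-fs.net VirtualHosts in config order, then look up host. */
const char *cert_for(const char *host, int use_append) {
    t_sni_list rss = { "rsstestfeed.adv-fs.net", "rsstestfeed.pem", NULL };
    t_sni_list adv = { "*.adv-fs.net", "adv-fs.pem", NULL };
    t_sni_list *list = NULL;
    void (*add)(t_sni_list **, t_sni_list *) = use_append ? sni_add_append : sni_add_prepend;
    add(&list, &rss);
    add(&list, &adv);
    return sni_lookup(list, host);   /* file name only; the real config uses full paths */
}
```

With head insertion the wildcard entry sits in front and rsstestfeed.adv-fs.net gets adv-fs.pem, which is the symptom reported above; with tail insertion the exact hostname is tried first and gets rsstestfeed.pem.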
Kai
28 September 2014, 19:07
Hello Hugo,

Sorry for being so late, and yes, it solved the problem.

Cheers

Kai