On 10/04/07, Paolo Marchiori <paolo at marchiori.net> wrote:
> Colm Buckley, Tue, Apr 10, 2007 at 09:20:47AM +0100:
>
> > The reason is that, with HTTP, virtual hosts are selected using the
> Host:
> > header in the HTTP request. While this is available with HTTPS, the
> HTTP
> > request isn't sent until after the certificates have been exchanged -
> and
> > the hostname of the website is hardwired into the certificate.
>> This won't necessarily pose problems - the only problem was that site
> name verification against the "name on papers" (the Common Name) of the
> certificate failed. But most browsers nowadays support the AltCN field
> in a x.509 certificate, so - provided you can get your hands on a
> multiple-CN certificate, even this problem is solved and you _can_ run
> multiple https sites on the same ip:port.
Wow, I never knew this. Thanks!
Now, I have to think of a situation where it would be useful... :)
Colm
--
Colm Buckley / colm at tuatha.org / +353 87 2469146
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
