Amazing words from Hiroharu Tamaru(tamaru):
#> What confuses me about this, though, is that I have different
#> https virtual hosts that.. work. I'm not arguing the validity of
#> the Apache ssl faq.. I'm just stating why it's odd to me.. ;)
#I assume you have the same server key for all your name
#virtual hosts? In that case, httpd-error.log probably
#complains that the server name and the DN of the certificate
#contradicts one another (for at least some of the servers),
#and so could the client browser.
That's correct (on both accounts).
#If you simply want a different namespace I think that's
#fine, but if you want the server authentication to work for
#the general public based on the certificate, it'd be a
#problem. An encryption without server authentication
#probably isn't the kind of security that SSL is designed to
#establish (but users can make their choises, I'd say :) ).
I'm not using this setup for any kind of sensitive data.. So I
suppose falling back to non-SSL isn't too big of a deal
(for svn). Being the paranoid person I am, though, I wanted
to have some layer of protection in place. I always feel
sketchy transmitting any kind of password in the clear. =/
I wish I had multiple ip addresses at my disposal, and I
didn't have buddies on my machine that need to use SSL
vhosts. It'd be much easier to get this going.. ;)
Thanks for the input!
Joan of Arc heard voices too.
Received on Thu Nov 18 19:43:08 2004
- application/pgp-signature attachment: stored