Bug 211551

Summary:	www-servers/apache-2.2.8: Config Line "NameVirtualHost" for ssl is missing
Product:	Gentoo Linux	Reporter:	Pat <sysspoof>
Component:	New packages	Assignee:	Apache Team - Bugzilla Reports <apache-bugs>
Status:	RESOLVED INVALID
Severity:	minor
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Pat 2008-02-26 18:37:26 UTC

After a simple "emerge apache", a lot of config files are written to /etc/apache2.
One of the files is: /etc/apache2/vhosts.d/00_default_ssl_vhost.conf
This is missing the line: NameVirtualHost *:443
Without this line, if you add some more ssl based vhosts, the apache server reacts strange and doesn't do, what you expected after adding some vhosts. For example default DocRoot is /var/www/htdocs/example-com. Then you add a second vhost, which points to /var/www/htdocs/sub-example-com which is a ssl vhost. If the Line "NameVirtualHost *:443" is missing and you connect to https://sub.example.com, then you will see the content from /var/www/htdocs/example-com (the default vhost, defined in default_vhost.include). But when adding "NameVirtualHost *:443", it shows correctly the content from /var/www/htdocs/sub-example-com.

Reproducible: Always

Steps to Reproduce:
1. Add a second ssl vhost with a different DocRoot then the one defined in default_vhost.include
2. Connect to https://secondsslvhost.com

Actual Results:  
You will the the wrong web content.

Expected Results:  
Showing the DocRoot defined in the second ssl vhost config.

Comment 1 Benedikt Böhm (RETIRED) gentoo-dev

2008-02-27 19:42:26 UTC

apache does not support name-based virtual hosting for ssl (in fact ssl does not allow for this feature), however, the TLS Servername Indication (SNI) patch allows you to do this, but be aware that not all browsers support this feature ... USE=sni if you want it, in which case you need to add NameVirtualHost *:443 yourself ...