Bug 43997

Summary: Only issue "Init: SSL server IP/Port conflict" if certificates are different.
Product: Apache httpd-2
Reporter: Marc W. Mengel <mengel>
Component: mod_ssl
Assignee: Apache HTTPD Bugs Mailing List <bugs>
Status: REOPENED ---
Severity: minor
Keywords: ErrorMessage
Priority: P3
Version: 2.2.6
Target Milestone: ---
Hardware: All
OS: All

Description Marc W. Mengel 2007-11-29 14:43:30 UTC
The httpd server currently issues a warning:
 [warn] Init: SSL server IP/port conflict: vhost1.example.domain:443
(/.../vhosts.conf:14) vs. vhost2.example.domain:443 (/.../vhosts.conf:71)

This warning is only accurate if those two vhosts have differing SSL
certificates.  If they have the same one (i.e. a '*.example.domain' wildcard)
this warning should be suppressed.

To reproduce:
1) self-sign a certificate with CN=*.your.domain
2) set up two NameVirtualHosts on the same IP & port using that certificate & key
3) start httpd
4) check error_log

Comment 1 Ruediger Pluem 2007-11-29 23:39:19 UTC
No, this behaviour is correct, as only the SSL settings from the first virtual
host are used. It has been said frequently here: Even with wildcard certs, name-based
virtual hosting is a bad idea and has many pitfalls. So a warning is due here.

Comment 2 Marc W. Mengel 2007-11-30 07:50:25 UTC
(In reply to comment #1)
> No, this behaviour is correct, as only the SSL settings from the first virtual
> host are used.

Then the warning is only correct if the SSL settings in any other virtual host
are different from the first one.

This could be a Really Useful Warning if it actually differentiated the case
that works from the one that doesn't; instead it just whines that you're doing
name based virtual hosting with SSL, which hopefully you already knew.

But if the goal is just to complain about SSL name-based-vhosting rather than to
complain when someone does it wrong, then please reclose the ticket and I'll 
drop it.

Comment 3 Arya 2011-05-10 05:25:15 UTC
Yeah, I agree with Marc. There should be a way to suppress this error message. Or drop its loglevel down to notice, instead of warn. I'm a big boy. I know what I'm doing.
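
The distinction asked for in comment 2, as an added example that is not part of the bug thread or of mod_ssl: a Python check that groups SSL-enabled vhosts by IP:port and reports only those whose SSL directives differ from the first vhost on that address, which per comment 1 is the one whose settings are used. The sample configuration, file paths and function names are constructed for illustration, and comparing certificate paths as strings is an assumption standing in for comparing the certificates themselves.

```python
import re
from collections import defaultdict
# Constructed sample configuration (hypothetical paths; not from the bug report).
SAMPLE_CONF = """
<VirtualHost 192.0.2.10:443>
    ServerName vhost1.example.domain
    SSLEngine on
    SSLCertificateFile /etc/ssl/wildcard.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName vhost2.example.domain
    SSLEngine on
    SSLCertificateFile /etc/ssl/wildcard.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName vhost3.example.domain
    SSLEngine on
    SSLCertificateFile /etc/ssl/other.crt
    SSLProtocol all -SSLv2
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
DIRECTIVE_RE = re.compile(r"^[ \t]*(\w+)[ \t]+(.+?)[ \t]*$", re.M)

def ssl_vhosts(conf):
    """Yield (address, ServerName, SSL* directives) for SSL-enabled vhosts, in file order."""
    for addr, body in VHOST_RE.findall(conf):
        d = {k.lower(): v for k, v in DIRECTIVE_RE.findall(body)}
        if d.get("sslengine", "off").lower() == "on":
            yield addr.strip(), d.get("servername", "?"), {k: v for k, v in d.items() if k.startswith("ssl")}

def find_mismatches(conf):
    """Report later vhosts whose SSL directives differ from the first one on the same IP:port."""
    groups = defaultdict(list)
    for addr, name, ssl in ssl_vhosts(conf):
        groups[addr].append((name, ssl))
    findings = []
    for addr, members in groups.items():
        first_name, first_ssl = members[0]  # per comment 1, only these settings are used
        for name, ssl in members[1:]:
            diff = sorted(k for k in first_ssl.keys() | ssl.keys() if first_ssl.get(k) != ssl.get(k))
            if diff:
                findings.append((addr, first_name, name, diff))
    return findings

if __name__ == "__main__":
    for addr, first, other, diff in find_mismatches(SAMPLE_CONF):
        print(f"{addr}: {other} differs from {first} in: {', '.join(diff)}")
```

The parser reads a single configuration string only; it does not follow Include directives or resolve wildcard addresses such as `*:443` against specific IPs.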