Bug 43997 - Only issue "Init: SSL server IP/Port conflict" if certificates are different.
Status: REOPENED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl
Version: 2.2.6
Hardware: All All
Importance: P3 minor with 3 votes
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: ErrorMessage
Reported: 2007-11-29 14:43 UTC by Marc W. Mengel
Modified: 2011-05-10 05:25 UTC
Description Marc W. Mengel 2007-11-29 14:43:30 UTC
The httpd server currently issues a warning:
 [warn] Init: SSL server IP/port conflict: vhost1.example.domain:443
(/.../vhosts.conf:14) vs. vhost2.example.domain:443 (/.../vhosts.conf:71)

This warning is only accurate if those two vhosts have differing SSL
certificates.  If they have the same one (i.e. a '*.example.domain' wildcard)
this warning should be suppressed.

To reproduce:
1) self-sign a certificate with CN=*.your.domain
2) set up two NameVirtualHosts on the same IP & port using that certificate & key
3) start httpd
4) check error_log
Comment 1 Ruediger Pluem 2007-11-29 23:39:19 UTC
No, this behaviour is correct, as only the SSL settings from the first virtual
host are used. It has been said frequently here: Even with wildcard certs, name-
based virtual hosting is a bad idea and has many pitfalls. So a warning is due here.
Comment 2 Marc W. Mengel 2007-11-30 07:50:25 UTC
(In reply to comment #1)
> No, this behaviour is correct, as only the SSL settings from the first virtual
> host are used.

Then the warning is only correct if the SSL settings in any other virtual host
are different from the first one.

This could be a Really Useful Warning if it actually differentiated the case
that works from the one that doesn't; instead it just whines that you're doing
name based virtual hosting with SSL, which hopefully you already knew.

But if the goal is just to complain about SSL name-based-vhosting rather than to
complain when someone does it wrong, then please reclose the ticket and I'll 
drop it.
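
Added example, not part of the bug thread and not mod_ssl code: a configuration audit that reports only the case the comments above distinguish, where a later vhost on the same IP:port has SSL settings that differ from the first one's (the only ones used). The sample configuration, paths and function names are constructed; it assumes one address per <VirtualHost> and compares directive values as text, not certificate contents.

```python
import re
from collections import defaultdict

# Constructed sample: two vhosts share a wildcard certificate, the third does not.
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10:443>
    ServerName vhost1.example.domain
    SSLCertificateFile /etc/ssl/wildcard.example.domain.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName vhost2.example.domain
    SSLCertificateFile /etc/ssl/wildcard.example.domain.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName shop.example.domain
    SSLCertificateFile /etc/ssl/shop.example.domain.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>\s]+)\s*>(.*?)</VirtualHost>", re.S | re.I)
DIRECTIVE_RE = re.compile(r"^\s*(ServerName|SSL\w+)\s+(.+?)\s*$", re.M | re.I)

def parse_vhosts(conf):
    """Return (address, server name, SSL directives) for each <VirtualHost> block."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf):
        d = {k.lower(): v for k, v in DIRECTIVE_RE.findall(body)}
        vhosts.append((addr, d.pop("servername", "?"), d))
    return vhosts

def ssl_conflicts(conf):
    """List (address, first vhost, later vhost, differing directives) for every
    later vhost whose SSL directives differ from the first vhost on that address."""
    by_addr = defaultdict(list)
    for addr, name, ssl in parse_vhosts(conf):
        by_addr[addr].append((name, ssl))
    out = []
    for addr, hosts in by_addr.items():
        first_name, first_ssl = hosts[0]
        for name, ssl in hosts[1:]:
            diff = sorted(k for k in first_ssl.keys() | ssl.keys() if first_ssl.get(k) != ssl.get(k))
            if diff:
                out.append((addr, first_name, name, diff))
    return out

if __name__ == "__main__":
    for addr, first, later, diff in ssl_conflicts(SAMPLE_CONF):
        print(f"{addr}: {later} differs from {first} in {', '.join(diff)}")
```

On the sample, vhost2 produces no finding because it names the same certificate as vhost1, while shop.example.domain is reported because its certificate would be ignored in favour of the first vhost's.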
Comment 3 Arya 2011-05-10 05:25:15 UTC
Yeah, I agree with Marc. There should be a way to suppress this error message. Or drop its loglevel down to notice, instead of warn. I'm a big boy. I know what I'm doing.