Problem with Server Name Indication (SNI)

Bug #1272891 reported by Vasya Pupkin on 2014-01-26
This bug affects 1 person
Affects: lighttpd (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

According to http://redmine.lighttpd.net/projects/1/wiki/Docs_SSL it should be possible to supply an individual pem file per virtual host. And it partially works. For example, I have 2 virtual hosts configured:

$HTTP["host"] =~ "^example1\.org$" {
  ssl.pemfile = "/etc/lighttpd/example1.pem"
  server.document-root = "/www/example1/"
  server.error-handler-404 = "/index.php"
}

$HTTP["host"] =~ "^example2\.org$" {
  ssl.pemfile = "/etc/lighttpd/example2.pem"
  server.document-root = "/www/example2/"
}

After doing sudo service lighttpd force-reload I can access, for example, https://example1.org/ and it will have the proper certificate, but if I access https://example2.org/, it will use the certificate from example1.org. If I force-reload again and access https://example2.org/ first, it will be fine, but https://example1.org/ will use example2.org's certificate.

So, the problem is that the SNI implementation is broken. Instead of picking the pem file configured for each virtual host, lighttpd picks the pem file for the first accessed virtual host and uses it for every other virtual host.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: lighttpd 1.4.26-1.1ubuntu3.1
ProcVersionSignature: Ubuntu 2.6.32-55.117-server 2.6.32.61+drm33.26
Uname: Linux 2.6.32-55-server x86_64
Architecture: amd64
Date: Sun Jan 26 16:07:17 2014
InstallationMedia: Ubuntu-Server 10.04.2 LTS "Lucid Lynx" - Release amd64 (20110211.1)
ProcEnviron:
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: lighttpd
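
One way to check for the symptom described in the report: request each virtual host with its own SNI name and compare the served leaf certificate with the one in that host's configured pemfile. This is an added example, not part of the original report or of lighttpd; the function names and the injectable `fetch` callable are assumptions made for illustration.

```python
import hashlib
import re
import socket
import ssl

CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def fingerprint(der):
    """SHA-256 hex fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def pemfile_fingerprint(pem_text):
    """Fingerprint of the first certificate in a combined key+cert pemfile."""
    match = CERT_RE.search(pem_text)
    if match is None:
        raise ValueError("no certificate block found")
    return fingerprint(ssl.PEM_cert_to_DER_cert(match.group(0)))


def fetch_leaf_der(address, sni_name, port=443):
    """Send sni_name in the ClientHello and return the leaf certificate (DER)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # inspection only: the chain is not validated
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((address, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni_name) as tls:
            return tls.getpeercert(binary_form=True)


def check_vhosts(pemfiles, fetch):
    """pemfiles maps SNI name -> pemfile text; fetch(name) returns DER bytes.

    Returns (name, served_fingerprint, expected_fingerprint) for each name
    that was answered with a certificate other than its configured one.
    """
    wrong = []
    for name, pem_text in pemfiles.items():
        want = pemfile_fingerprint(pem_text)
        got = fingerprint(fetch(name))
        if got != want:
            wrong.append((name, got, want))
    return wrong
```

On the server itself, load the two pemfiles from the configuration above into a dict keyed by host name and call `check_vhosts(pems, lambda n: fetch_leaf_der("127.0.0.1", n))`; the loopback address is an assumption. An empty list means every name received its own certificate.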

Vasya Pupkin (shadowlmd) on 2014-01-27
description: updated
dino99 (9d9) wrote :

That version is no longer supported, and a backport is not expected as it's not a 'security' problem

Changed in lighttpd (Ubuntu):
status: New → Invalid