Problem with Server Name Indication (SNI)

Bug #1272891 reported by Vasya Pupkin on 2014-01-26
This bug affects 1 person
Affects: lighttpd (Ubuntu)

Bug Description

According to it should be possible to supply an individual pem file per virtual host. And it partially works. For example, I have 2 virtual hosts configured:

$HTTP["host"] =~ "^example1\.org$" {
  ssl.pemfile = "/etc/lighttpd/example1.pem"
  server.document-root = "/www/example1/"
  server.error-handler-404 = "/index.php"
}

$HTTP["host"] =~ "^example2\.org$" {
  ssl.pemfile = "/etc/lighttpd/example2.pem"
  server.document-root = "/www/example2/"
}

After doing sudo service lighttpd force-reload I can access, for example, and it will be with proper certificate, but if I access, it will use certificate from If I force-reload again and access first, it will be fine, but will use's certificate.

So, the problem is that the SNI implementation is broken. Instead of picking the pem file configured for each virtual host, lighttpd picks the pem file for the first accessed virtual host and uses it for every other virtual host.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: lighttpd 1.4.26-1.1ubuntu3.1
ProcVersionSignature: Ubuntu 2.6.32-55.117-server
Uname: Linux 2.6.32-55-server x86_64
Architecture: amd64
Date: Sun Jan 26 16:07:17 2014
InstallationMedia: Ubuntu-Server 10.04.2 LTS "Lucid Lynx" - Release amd64 (20110211.1)
 PATH=(custom, no user)
SourcePackage: lighttpd
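
A check for the symptom described in this report, as an added example that is not part of the original bug report or of lighttpd: it sends each virtual host name as the SNI value to one listener and reports names that were served the same certificate. It assumes, as in the configuration above, that every virtual host has its own pem file, so a shared fingerprint means the wrong certificate was presented; the function names and sample fingerprints are constructed for illustration.

```python
import hashlib
import socket
import ssl


def fetch_cert_fingerprint(address, port, sni_name, timeout=5.0):
    """Connect to address:port, send sni_name in the ClientHello, and return
    the SHA-256 fingerprint of the leaf certificate the server presents."""
    ctx = ssl.create_default_context()
    # Verification is off on purpose: the goal is to record whichever
    # certificate comes back, including one issued for another host.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((address, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni_name) as tls:
            der = tls.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()


def shared_certificates(fingerprints):
    """Given {sni_name: fingerprint}, return the sorted groups of names that
    were served the same certificate, which is the symptom in this report."""
    by_fp = {}
    for name, fp in fingerprints.items():
        by_fp.setdefault(fp, []).append(name)
    return sorted(sorted(names) for names in by_fp.values() if len(names) > 1)


def probe(address, port, names):
    """Probe every name, in the order given, against one listener."""
    observed = {n: fetch_cert_fingerprint(address, port, n) for n in names}
    return shared_certificates(observed)


# Constructed sample observations (not real fingerprints): the first mirrors
# the reported behaviour, the second a server that honours SNI.
SAMPLE_BROKEN = {"example1.org": "aa" * 32, "example2.org": "aa" * 32}
SAMPLE_OK = {"example1.org": "aa" * 32, "example2.org": "bb" * 32}

if __name__ == "__main__":
    print(shared_certificates(SAMPLE_BROKEN))
    print(shared_certificates(SAMPLE_OK))
```

Because the report says the outcome depends on which host is accessed first after a reload, run `probe` once per ordering of the names, reloading the server in between.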

Vasya Pupkin (shadowlmd) on 2014-01-27
description: updated
dino99 (9d9) wrote :

That version is no longer supported, and a backport is not expected as it's not a 'security' problem.

Changed in lighttpd (Ubuntu):
status: New → Invalid