SNI support broken in lighttpd-1.4.26
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
lighttpd | Fix Released | Undecided | Unassigned | |
lighttpd (Ubuntu) | Fix Released | High | Unassigned | |
Bug Description
Binary package hint: lighttpd
SNI : http://
Upstream bug (fixed): http://
Description: Using ssl.pemfile inside HTTP host conditionals to enable SNI support results in the wrong certificate being returned. It doesn't seem to matter how many hosts are declared (as few as two). This results in SSL bad domain failures on the browsers. The source of the problem is con->uri.authority not getting cleared which messes up the HTTP host conditional.
I've recompiled 1.4.26-1.1ubuntu3 with the minimal patch provided by upstream note #9 and everything appears to work as expected. This is fixed in 1.4.27 http://
Example host declaration:
$HTTP["host"] == "subdomain.xyz.com" {
}
}
Hope this bug report was helpful. From the looks of it, it affects both Lucid and Maverick.
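A check for the symptom described in this report, added here as an example (it is not part of the original report or of lighttpd): handshake once per virtual host with that name as SNI, then list every host whose returned certificate does not cover it. `other.xyz.com`, the function names and the sample certificate dicts are constructed for illustration.

```python
import socket
import ssl

def cert_names(cert):
    """DNS names in a getpeercert() dict: subjectAltName, else the subject CN."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a wildcard that is the whole leftmost label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def covers(cert, host):
    return any(name_matches(n, host) for n in cert_names(cert))

def fetch_cert(addr, port, sni, cafile=None):
    """Handshake with the given SNI name and return the parsed peer certificate."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # chain is still verified; names are compared in audit()
    with socket.create_connection((addr, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return tls.getpeercert()

def audit(hosts, fetch):
    """Return {host: names_served} for hosts that received a certificate not covering them."""
    bad = {}
    for host in hosts:
        cert = fetch(host)
        if not covers(cert, host):
            bad[host] = cert_names(cert)
    return bad

# Constructed sample: the second (hypothetical) host is served the first host's certificate.
SAMPLE = {
    "subdomain.xyz.com": {"subjectAltName": (("DNS", "subdomain.xyz.com"),)},
    "other.xyz.com": {"subject": ((("commonName", "subdomain.xyz.com"),),)},
}

if __name__ == "__main__":
    print(audit(SAMPLE, SAMPLE.__getitem__))
```

Against a live server, pass `lambda h: fetch_cert("192.0.2.10", 443, h)` as `fetch` (the address is a documentation placeholder); an empty result means every host received a certificate that names it.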
Changed in lighttpd (Ubuntu):
status: New → Triaged
importance: Undecided → High
tags: added: patch patch-accepted-upstream
Same problem with this configuration:
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/ssl/private/localhost.pem"
}
When I start lighttpd, I get this error:
fabrice@wario:~$ sudo service lighttpd start
* Starting web server lighttpd
2010-10-06 12:07:39: (network.c.336) SSL: error:00000000:lib(0):func(0):reason(0)
[fail]