[Systems] [Fwd: Re: Server Name Indication - Wikipedia, the free encyclopedia]

[Raul Gutierrez Segales]

On Tue, 2010-08-24 at 09:21 -0300, Bernie Innocenti wrote:
> El Tue, 24-08-2010 a las 04:38 -0400, Raul Gutierrez Segales escribió:
> > But you have to load en special extension for Apache that provides SNI,
> > you've done that right?
> 
> Really? I thought SNI was included in mod_ssl... In fact, I can't find
> any specific module.

Quoting the docs [1]:

Prerequisites to use SNI
Use OpenSSL 0.9.8f or later 
  * Build OpenSSL with the TLS Extensions option enabled (option
    enable-tlsext; OpenSSL 0.9.8k and later has this enabled by
    default). 
  * Apache must have been built with that OpenSSL (./configure
    --with-ssl=/path/to/your/openssl). In that case, mod_ssl will
    automatically detect the availability of the TLS extensions and
    support SNI. 
  * Apache must use that OpenSSL at run-time, which might require
    setting LD_LIBRARY_PATH or equivalent to point to that OpenSSL,
    maybe in bin/envvars. (You'll get unresolved symbol errors at Apache
    startup if Apache was built with SNI but isn't finding the right
    openssl libraries at run-time.) 

re using enable-tlsext we've got:

rgs at sunjammer:~$ dpkg -p openssl | grep -i version
Version: 0.9.8g-15ubuntu3.4


rgs

[1] http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

> 
> > Would you mind posting the relevant config snippets?
> 
> Sorry, I'm offline now. See /etc/apache2/sites-enabled/www.sugarlabs.org
> I did not change anything else.
>