Date: Fri, 22 Nov 2002 21:04:09 +0300
From: Alex Povolotsky <tarkhil@webmail.sub.ru>
To: Adrian Filipi-Martin <adrian+freebsd-security@ubergeeks.com>, freebsd-security@FreeBSD.ORG
Subject: Re: jailed virtual https, anyone?
Message-ID: <20021122210409.0061b0c7.tarkhil@webmail.sub.ru>
In-Reply-To: <20021122113328.M48082-100000@lorax.ubergeeks.com>
References: <20021122155027.7f694357.tarkhil@webmail.sub.ru> <20021122113328.M48082-100000@lorax.ubergeeks.com>

On Fri, 22 Nov 2002 11:38:51 -0500 (EST)
Adrian Filipi-Martin <adrian+freebsd-security@ubergeeks.com> wrote:

AFM> You still have to do IP-based hosting for https. It doesn't matter
AFM> that they have their IP's in the jails.
AFM>
AFM> The problem is that the SSL channel has already been negotiated and
AFM> established before apache gets to consider the "Host:" header which is
AFM> mostly what the virtual hosting is based upon. This means that it's too
AFM> late to select a different virtual host without generating an SSL hostname
AFM> mismatch warning.

YES!!! YES!!! YES!!! I have understood it for quite some time!!!

But, for instance, transproxy extracts real IP information from /dev/ipl,
which seems to be unavailable from inside the jail.

I need either a proxy with some method of passing SSL environment variables,
or some apache module retrieving information from /dev/ipl or something else,
or some way to transfer packets keeping the original destination address.

That is what I'm seeking here.

--
Alex.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message