[pubcookie-users] virtual host support...

[Jim Hogan]

*John-Paul, *

*I just joined pubcookie-users, so could not respond in your original 
thread, but spotted your this message ....*

*John-Paul Robinson* jpr at uab.edu 
<mailto:pubcookie-users%40u.washington.edu?Subject=%5Bpubcookie-users%5D%20virtual%20host%20support&In-Reply-To=Pine.LNX.4.58.0407141028490.6855%40red0.cac.washington.edu>
/on Wed Jul 14 15:24:15 PDT 2004/ wrote:

 >I've set the values in both the main and vhost config. I'm still getting
 >the granting cookie verification failure.
 >
 >I noticed something in the sample config you sent me and the one I'm
 >using. You're vhosts are IP based and my vhosts are name based. I use a
 >distinct SSL port number to distinguish between the main servers ssl
 >interface and the vhosts ssl interface, port 443 and 444 respectfully.
 >
 >Considering that I'm using two distinct ports, I don't think this should
 >be a problem. Could this be impacting things?

Having recently taken this journey, I think the answer to your last 
question could be "yes".

The Apache 2 doc on name-based vhosts 
(http://httpd.apache.org/docs-2.0/vhosts/name-based.html) is pretty 
adamant that "Name-based virtual hosting cannot be used with SSL secure 
servers because of the nature of the SSL protocol" and the corresponding 
IP-based vhost doc 
(http://httpd.apache.org/docs-2.0/vhosts/ip-based.html) says "As the 
term IP-based indicates, the server *must have a different IP address 
for each IP-based" without any other qualification or mention of 
port-based vhosts.

Maybe they are being too harsh, but I assumed it was tied to cert 
authenticity/uniqueness and went on my merry way.  Luckily, I was able 
to score a couple of additional IPs.

Hope this helps,

Jim
***
**


~jpr

-- 
/*********************************************************/
Jim Hogan jimh at u.washington.edu

Senior Computer Specialist, Department of Biostatistics
phone: 206.616.2725
fax : 206.616.2724
/*********************************************************/