|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Alex Povolotsky (tarkhil_at_webmail.sub.ru)
Date: Fri Nov 22 2002 - 12:04:09 CST
On Fri, 22 Nov 2002 11:38:51 -0500 (EST)
Adrian Filipi-Martin <adrian+freebsd-security
ubergeeks.com> wrote:
AFM> You still have to do IP-based hosting for https. It doesn't matter
AFM> that they have their IP's in the jails.
AFM>
AFM> The problem is that the SSL channel has already been negotiated and
AFM> established before apache gets to consider the "Host:" header which is
AFM> mostly what the virtual hosting is based upon. This means that it's too
AFM> late to select a different virtual host without generating an SSL hostname
AFM> mistmatch warning.
YES!!! YES!!! YES!!! I do understand it for quite some time!!!
But, for instance, transproxy extracts real IP information from /dev/ipl, which seems to be unavailable from inside the jail.
I need either proxy with some method of SSL environment variables passing, or some apache module retrieving information from /dev/ipl or something else, or some way to transfer packets keeping original destination address.
That is what I'm seeking here.
-- Alex.To Unsubscribe: send mail to majordomo
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]