On Fri, Feb 09, 2018 at 07:54:22PM +0100, Landry Breuil wrote:
> Hi,
>
> on ftp.fr we use httpd on 6.2.
>
> The config more or less looks like:
>
> server "default" {
> alias distfiles.bsdfrog.org
> listen on egress port www
> location "/*" {
> block return 301 "https://$SERVER_NAME$REQUEST_URI"
> }
>
> }
>
> server "distfiles.bsdfrog.org" {
> listen on egress tls port https
> root "/distfiles"
> # tls ticket lifetime 1800
> tls certificate "/etc/ssl/pond.obspm.bsdfrog.org.crt"
> tls key "/etc/ssl/private/pond.obspm.bsdfrog.org.key"
> }
>
> server "ftp.fr.openbsd.org" {
> listen on egress port www
> listen on egress tls port https
> root "/mirror/ftp"
> # tls ticket lifetime 1800
> tls certificate "/etc/ssl/pond.obspm.bsdfrog.org.crt"
> tls key "/etc/ssl/private/pond.obspm.bsdfrog.org.key"
> }
>
>
> Which works fine with https on the different vhosts. But as soon as I
> uncomment the tls ticket lifetime lines, httpd -nvv complains about
> configuration mismatch:
>
> server_tls_load_keypair: using certificate /etc/ssl/pond.obspm.bsdfrog.org.crt
> server_tls_load_keypair: using private key
> /etc/ssl/private/pond.obspm.bsdfrog.org.key
> /etc/httpd.conf:37: server "ftp.fr.openbsd.org": tls configuration mismatch
> on same address/port
I think I've found the bug - it manifests only if there are 3 server
definitions sharing a cert, not with 2. Will dig further.
Landry
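Added example (not Landry's code and not part of OpenBSD httpd): a small Python check that groups the TLS listeners of an httpd.conf by address/port and reports servers on the same socket whose certificate, key or ticket lifetime differ, which is the condition the "tls configuration mismatch on same address/port" message describes. The parser is a deliberate simplification and an assumption of mine: it reads only top-level listen and tls directives of each server block and compares just those three options, whereas httpd's own comparison covers more of the tls settings. The two configs embedded below are constructed; the first is the one from the thread with the ticket lifetime lines uncommented, the second changes one vhost's lifetime so the check has something to flag.

```python
"""Constructed example: report TLS settings that differ between httpd.conf
server blocks sharing the same listen address/port."""
import re
from collections import defaultdict

# Constructed config modelled on the one in the thread, with the
# "tls ticket lifetime" lines uncommented.
CONSISTENT_CONF = """\
server "default" {
    alias distfiles.bsdfrog.org
    listen on egress port www
    location "/*" {
        block return 301 "https://$SERVER_NAME$REQUEST_URI"
    }
}

server "distfiles.bsdfrog.org" {
    listen on egress tls port https
    root "/distfiles"
    tls ticket lifetime 1800
    tls certificate "/etc/ssl/pond.obspm.bsdfrog.org.crt"
    tls key "/etc/ssl/private/pond.obspm.bsdfrog.org.key"
}

server "ftp.fr.openbsd.org" {
    listen on egress port www
    listen on egress tls port https
    root "/mirror/ftp"
    tls ticket lifetime 1800
    tls certificate "/etc/ssl/pond.obspm.bsdfrog.org.crt"
    tls key "/etc/ssl/private/pond.obspm.bsdfrog.org.key"
}
"""

# Same config, but one of the two https vhosts uses a different ticket
# lifetime (constructed), so the shared listener really is inconsistent.
MISMATCHED_CONF = CONSISTENT_CONF.replace(
    'root "/mirror/ftp"\n    tls ticket lifetime 1800',
    'root "/mirror/ftp"\n    tls ticket lifetime 3600')

SERVER_RE = re.compile(r'^server\s+"([^"]+)"\s*\{')
LISTEN_RE = re.compile(r'^listen\s+on\s+(\S+)(\s+tls)?\s+port\s+(\S+)')
TLS_RE = re.compile(r'^tls\s+(certificate|key|ticket lifetime)\s+"?([^"]+)"?')


def parse_servers(text):
    """Return one dict per server block: name, listens [(addr, port, tls)],
    and the tls options seen at the top level of that block. Nested blocks
    such as location are skipped (simplified parser, not httpd's grammar)."""
    servers, cur, depth = [], None, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        if depth == 0:
            m = SERVER_RE.match(line)
            if m:
                cur = {"name": m.group(1), "listens": [], "tls": {}}
                servers.append(cur)
                depth = 1
            continue
        if line.endswith("{"):                # enter a nested block
            depth += 1
            continue
        if line == "}":                       # leave a block
            depth -= 1
            if depth == 0:
                cur = None
            continue
        if depth != 1:                        # only top-level server directives
            continue
        m = LISTEN_RE.match(line)
        if m:
            cur["listens"].append((m.group(1), m.group(3), m.group(2) is not None))
            continue
        m = TLS_RE.match(line)
        if m:
            cur["tls"][m.group(1)] = m.group(2)
    return servers


def tls_mismatches(servers):
    """Group TLS listeners by (address, port) and return a list of
    (address, port, {server_name: tls_settings}) for every group whose
    members disagree on certificate, key or ticket lifetime."""
    groups = defaultdict(dict)
    for s in servers:
        for addr, port, tls in s["listens"]:
            if tls:
                groups[(addr, port)][s["name"]] = tuple(sorted(s["tls"].items()))
    found = []
    for (addr, port), members in sorted(groups.items()):
        if len(set(members.values())) > 1:
            found.append((addr, port, dict(members)))
    return found


if __name__ == "__main__":
    for label, conf in (("consistent", CONSISTENT_CONF), ("mismatched", MISMATCHED_CONF)):
        problems = tls_mismatches(parse_servers(conf))
        print(f"{label}: {len(problems)} mismatched listener(s)")
        for addr, port, members in problems:
            for name, settings in members.items():
                print(f"  {addr}:{port} server {name!r}: {dict(settings)}")
```

Run against the thread's configuration the check finds the two https vhosts identical; it only reports the second, constructed config where the ticket lifetimes differ.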