Hi,
> I think this may be related to 729480, but I could be wrong (shouldn't
> have merged so quickly, sorry).
I don't know if it's related. It's certainly not the same, since I don't
use client certificates at all.
> I usually test my patches at least in the area they are made for. So
> SSL (and SNI) is certainly not completely broken, as it worked for me.
Hmm, here it *is* completely broken. I've attached a minimized config-file.
If the "$HTTP"-section or the "ssl.ca-file"-line is removed, I can
connect to lighttpd with SSL again; but if they are there, no
SSL-connections are possible.
The "solution" I found was to downgrade to 1.4.31-4:
apt-get install lighttpd=1.4.31-4
regards,
Roland
# lighttpd configuration template
server.tag = "lighttpd"
server.username = "www-data"
server.groupname = "www-data"
server.pid-file = "/var/run/lighttpd.pid"
server.max-request-size = 1000
server.document-root = "/var/www/"
index-file.names = ( "index.html", "index.htm" )
server.errorlog = "/var/log/lighttpd/error.log"
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/ssl/private/mycert.pem"
ssl.ca-file = "/etc/ssl/private/mycert.ca"
}
$HTTP["host"] =~ "^(www\.)?example.com" {
ssl.pemfile = "/etc/ssl/private/mycert2.pem"
ssl.ca-file = "/etc/ssl/private/mycert2.ca"
}
