SSL to virtual host

From: Alastair Waddell <awaddell@dont-contact.us>
Date: Sun, 13 Dec 1998 17:38:48 +1100

I have configured virtual hosts on an apache 1.3.3 server (yes this is a
squid question). I have SSL disabled globally in the apache config with
two virtuals currently configured. One is the '_default_' server which
uses a self signed certificate and the other is a client virtual using a
Thawte cert on a virtual interface (IP-based host). Here are the symptoms
of the problem:

o When connecting directly there is no problem
o When connecting via my uplink's proxy (squid2.0 and 1.2.23) there is
no problem (ie uplink's proxy configured in my browser)
o When connecting via our proxy with netscape 4.06 I get presented
with the self signed cert when calling the Thawte signed virtual host
o Just to make it interesting, when I connect with IE4 I get the pages
of the _default_ server with the Thawte cert when calling the Thawte
signed virtual host

The problem exists in both my config for 1.2.24 and 2.1.PATCH2

My squid.conf is set up for transproxy via cisco. Here's what I think are
the relevant bits:

acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl me 210.8.87.1/32
http_access allow me

acl somenet 203.31.206.0/23
always_direct allow somenet
never_direct deny somenet

httpd_accel_host someserver.legion.com.au
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

210.8.87.1 [13/Dec/1998:17:16:12 +1100] "Mozilla/4.06 [en] (Win95; U)"
913529772.816 592 210.8.87.1 TCP_MISS/000 2864 CONNECT secure.somenet.net.au:443 - DIRECT/secure.somenet.net.au -

(should that perhaps be 'DIRECT/secure.somenet.net.au:443')

<from apache>

==> /var/log/httpd/access_log <==
210.8.21.233 - - [13/Dec/1998:17:17:48 +1100] "GET / HTTP/1.0" 200 2490

==> /var/log/httpd/ssl_log <==
[13/Dec/1998:17:17:48 +1100] 210.8.21.233 SSLv3 EXP-RC4-MD5 - - "GET / HTTP/1.0" 2490

When I request without a proxy, the request is in http1.1 format
(remembering that this _isn't_ a name based virtual host)

==> /var/log/httpd/somenet-access_log <==
210.8.87.1 - - [13/Dec/1998:16:40:20 +1100] "GET /apache_pb.gif HTTP/1.1" 304 -

==> /var/log/httpd/somenet-ssl_log <==
[13/Dec/1998:16:40:20 +1100] 210.8.87.1 SSLv3 EXP-RC4-MD5 - - "GET /apache_pb.gif HTTP/1.1" -

configure --help shows no special ssl feature. fwiw, I've configured
with:

./configure --enable-cachemgr-hostname=blitzen.legion.com.au \
    --enable-snmp --enable-useragent-log --prefix=/usr/local/squid

Regards,

-- 
----------------------------------------------------------------------
Alastair Waddell		o Tel +61 3 96400400
Legion Internet	                 
Queen Street, Melbourne		o Full featured VISP Facility
Virtual Services + DNS Maintenance + ISP Co-location + Internetworking
Received on Sat Dec 12 1998 - 23:25:50 MST
