Re: [squid-users] multiple ssl certificates

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 09 Jul 2003 13:47:49 +0200

On Wed 2003-07-09 at 10:41, Jan Legenhausen wrote:
> Hi,
>
> Though I found a mail from Henrik (dated Wed Apr 18 2001) talking about
> using multiple certificates on a https_port, I was not able to figure out
> how this could be achieved using squid-2.5.STABLE2.

This is technically impossible, not a limitation of Squid.

You can only have a single server certificate per ip:port combination.
The server certificate exchange is one of the very first things that
happen, long before the client transmits the request and thus long
before it can be determined which domain name the client has requested.

https:// is the protocol chain HTTP/SSL/TCP/IP, and as you can see SSL
runs below HTTP and does not have knowledge of the HTTP content. It just
encrypts/decrypts the http data.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions are only answered
for a fee or as part of a commercial Squid support contract.
If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Wed Jul 09 2003 - 05:47:55 MDT
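
Added example (not part of the message above and not Squid code): a parser for a constructed ClientHello in the TLS 1.0 layout of RFC 2246, listing every field the server has received at the point where it must send its certificate, next to the HTTP request that carries the host name later, inside the encrypted session. The sample bytes, the function names and www.example.com are assumptions made for the illustration.

```python
import struct

def build_client_hello(cipher_suites, session_id=b""):
    """Build a constructed TLS 1.0 ClientHello record (RFC 2246 layout)."""
    body = b"\x03\x01" + bytes(32)            # client_version 3.1, all-zero random
    body += bytes([len(session_id)]) + session_id
    body += struct.pack("!H", 2 * len(cipher_suites))
    body += b"".join(struct.pack("!H", c) for c in cipher_suites)
    body += b"\x01\x00"                       # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_client_hello(record):
    """Return every field the server has seen when it must pick a certificate."""
    ctype, _major, _minor, rec_len = struct.unpack("!BBBH", record[:5])
    if ctype != 0x16 or rec_len != len(record) - 5:
        raise ValueError("not a single complete handshake record")
    hs_type, hs_len = record[5], int.from_bytes(record[6:9], "big")
    body = record[9:]
    if hs_type != 1 or hs_len != len(body):
        raise ValueError("not a complete ClientHello")
    fields = {"client_version": tuple(body[0:2]), "random": body[2:34]}
    pos = 34
    sid_len = body[pos]
    fields["session_id"] = body[pos + 1:pos + 1 + sid_len]
    pos += 1 + sid_len
    (cs_len,) = struct.unpack("!H", body[pos:pos + 2])
    suites = body[pos + 2:pos + 2 + cs_len]
    fields["cipher_suites"] = [int.from_bytes(suites[i:i + 2], "big")
                               for i in range(0, cs_len, 2)]
    pos += 2 + cs_len
    cm_len = body[pos]
    fields["compression_methods"] = list(body[pos + 1:pos + 1 + cm_len])
    fields["trailing_bytes"] = len(body) - (pos + 1 + cm_len)  # 0: nothing else sent
    return fields

def requested_host(http_request):
    """The name only shows up here, in HTTP data sent after the SSL handshake."""
    for line in http_request.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii")
    return None

# Constructed sample data: two RSA cipher suites and a plain HTTP/1.1 request.
HELLO = build_client_hello([0x000A, 0x0005])
REQUEST = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

if __name__ == "__main__":
    print(parse_client_hello(HELLO), requested_host(REQUEST))
```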
