[Modules] mod_gnutls and domains without its settings

[Simon Josefsson]

Davide Mirtillo <davide at ser-tec.org> writes:

> On Tue, Aug 3, 2010 at 10:43 AM, Simon Josefsson <simon at josefsson.org> wrote:
>> Davide Mirtillo <davide at ser-tec.org> writes:
>>> I'm having a strange issue, though. If i try to visit a domain that has
>>> no virtual host entry for the https connection, apache is displaying the
>>> site with the ssl certificate of the first domain i specified on the ssl
>>> virtualhost config file.
>>>
>>> Is there any way i can stop this behaviour? I thought about adding a
>>> permanent redirect on every domain that does not have a ssl vhost, but
>>> i'd rather see what other options i have before doing that.
>>
>> I don't know how to solve this, but how does mod_ssl handle this?
>> Assuming mod_ssl supports SNI at all, that is, I know it didn't for a
>> long time but maybe that has changed.
>>
>
> I think SNI has been introduced for mod_ssl into newer packages, (i.e.
> in the testing/unstable repos) but running a mixed debian system could
> be troublesome in a production enviroment. I haven't tried mod_ssl
> because of that. I don't know if this issue is caused by my mod_gnutls
> config or if it's an error on my apache config. Am i supposed to
> declare a corresponding https virtual host for every plain http one?

I didn't say you should use mod_ssl instead. :-) Just curious how it
solved the same problem.  FWIW, I've seen your problem too, and never
resolved it.  It may be possible to do with configuration, but I'm not
certain what the best recommended approach should be.  It would be nice
to be able to declare which virtual server should be the "catch-all" SSL
server.

However, can't you just make sure the first SSL virtualhost server is a
"catch-all" server?

/Simon