Project

General

Profile

Feature #2272

To allow different ssl.pemfile settings for different $HTTP["remoteip"]

Added by u1akesti over 6 years ago. Updated 6 months ago.

Status:
Fixed
Priority:
Low
Assignee:
-
Category:
TLS
Target version:
Start date:
2010-11-08
Due date:
% Done:

100%

Missing in 1.5.x:
No

Description

Currently, the following configuration directive does not work as expected - instead, the default ssl.pemfile is used for all incoming connections:

ssl.pemfile = "/etc/lighttpd/server.pem" 

$HTTP["remoteip"] =~ "^1\.2\.3\." {
 ssl.pemfile = "/etc/lighttpd/server2.pem" 
}

I would like to suggest a feature enhancement where the SSL server certificate can be different depending on the connecting IP address.

(If this is a feature that would be of interest, I could write it and supply a patch, if you want? I'll be doing so anyway for my own locally installed copy of lighty.)

Associated revisions

Revision ee40397f (diff)
Added by gstrauss 6 months ago

[TLS] remote IP conditions are valid for TLS SNI (fixes #2272)

x-ref:
"To allow different ssl.pemfile settings for different $HTTP["remoteip"]"
https://redmine.lighttpd.net/issues/2272

History

#1 Updated by Olaf-van-der-Spek over 6 years ago

What's the use case for this?

#2 Updated by gstrauss 12 months ago

  • Category set to TLS

#3 Updated by gstrauss 7 months ago

  • Status changed from New to Need Feedback

Is there still interest in this? What is an example of a use case?

#4 Updated by gstrauss 7 months ago

  • Status changed from Need Feedback to Missing Feedback

#5 Updated by gstrauss 6 months ago

  • Status changed from Missing Feedback to Patch Pending
  • Target version set to 1.4.43

#6 Updated by gstrauss 6 months ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100

Also available in: Atom