From: Ruediger Pluem <rpluem@apache.org>
Date: Tue, 24 Mar 2009 10:56:55 +0000 (+0000)
Subject: * Do not allow name based virtual hosts in the case no hostname was
X-Git-Tag: 2.3.3~847
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ceaa1fee2cde37e4f10cadda62aef4ae6d430c7d;p=apache

* Do not allow name based virtual hosts in the case no hostname was
  provided via SNI.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@757720 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 6a63e74486..c5179f94d6 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -186,6 +186,16 @@ int ssl_hook_ReadReq(request_rec *r)
             return HTTP_BAD_REQUEST;
         }
     }
+    else if (r->connection->vhost_lookup_data) {
+        /*
+         * We are using a name based configuration here, but no hostname was
+         * provided via SNI. Don't allow that.
+         */
+        ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
+                     "No hostname was provided via SNI for a name based"
+                     " virtual host");
+        return HTTP_FORBIDDEN;
+    }
 #endif
     SSL_set_app_data2(ssl, r);