From ceaa1fee2cde37e4f10cadda62aef4ae6d430c7d Mon Sep 17 00:00:00 2001
From: Ruediger Pluem
Date: Tue, 24 Mar 2009 10:56:55 +0000
Subject: [PATCH] * Do not allow name based virtual hosts in the case no hostname was provided via SNI.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@757720 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/ssl_engine_kernel.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 6a63e74486..c5179f94d6 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -186,6 +186,16 @@ int ssl_hook_ReadReq(request_rec *r)
 return HTTP_BAD_REQUEST;
 }
 }
+ else if (r->connection->vhost_lookup_data) {
+ /*
+ * We are using a name based configuration here, but no hostname was
+ * provided via SNI. Don't allow that.
+ */
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
+ "No hostname was provided via SNI for a name based"
+ " virtual host");
+ return HTTP_FORBIDDEN;
+ }
 #endif
 SSL_set_app_data2(ssl, r);
-- 
2.50.1
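Review bot: The refusal in the new `else if (r->connection->vhost_lookup_data)` branch is logged with `ap_log_error(..., r->server, ...)`, which does not tie the entry to the request or the client, although any client that omits SNI can trigger it. Logging it per request, `ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "No hostname was provided via SNI for a name based virtual host");`, would let operators attribute the 403s and spot a flood of them. The comment also stops at "Don't allow that"; it should state the reason, presumably that without SNI the handshake ran under the default virtual host's TLS settings, which may differ from those of the host the request then names. ssl_hook_ReadReq starts and ends outside the hunk, so the conditions enclosing this branch are not visible here.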