Re: jailed virtual https, anyone?

From: Alex Povolotsky (tarkhil@webmail.sub.ru)
Date: 11/22/02


Date: Fri, 22 Nov 2002 21:04:09 +0300
From: Alex Povolotsky <tarkhil@webmail.sub.ru>
To: Adrian Filipi-Martin <adrian+freebsd-security@ubergeeks.com>, freebsd-security@FreeBSD.ORG

On Fri, 22 Nov 2002 11:38:51 -0500 (EST)
Adrian Filipi-Martin <adrian+freebsd-security@ubergeeks.com> wrote:

AFM> You still have to do IP-based hosting for https. It doesn't matter
AFM> that they have their IPs in the jails.
AFM>
AFM> The problem is that the SSL channel has already been negotiated and
AFM> established before apache gets to consider the "Host:" header which is
AFM> mostly what the virtual hosting is based upon. This means that it's too
AFM> late to select a different virtual host without generating an SSL hostname
AFM> mismatch warning.

YES!!! YES!!! YES!!! I have understood it for quite some time!!!

But, for instance, transproxy extracts real IP information from /dev/ipl, which seems to be unavailable from inside the jail.

I need either a proxy with some method of passing SSL environment variables, or some apache module that retrieves information from /dev/ipl or something else, or some way to transfer packets while keeping the original destination address.

That is what I'm seeking here.

-- 
Alex.