Weekly edition	Kernel	Security	Distributions	Contact Us	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ	Sponsors

Firefox security status

Posted Jun 8, 2007 21:19 UTC (Fri) by Los__D (guest, #15263)
In reply to: Firefox security status by jengelh
Parent article: Firefox security status

I can't see how that would work with one IP/virtual hosts?

Before knowing which certificate to show, it'll need to know the hostname, before it can get to the hostname, it needs to decrypt, before it can decrypt, it needs to show a certificate, before knowing which certificate to show, it... And so on, and so forth...

(Log in to post comments)

Posted Jun 8, 2007 21:32 UTC (Fri) by jengelh (subscriber, #33263) [Link]

The ten or so web servers that serve the projects' pages (http://yourproject.sf.net/) all serve exactly one certificate, which certifies "*.sourceforge.net" (yes, this literal string with an asterisk, w/o quotes). Most browsers support this wildcard.
(Minus the fact that project pages are not reachable over https right now...)

Firefox security status

Posted Jun 8, 2007 21:40 UTC (Fri) by Los__D (guest, #15263) [Link]

Of course, but you'd still need a seperate IP for the www.sf.net cert(and another for www.sourceforge.net and *.sourceforge.net), if you didn't use subjectAltName

Firefox security status

Posted Jun 8, 2007 21:56 UTC (Fri) by jengelh (subscriber, #33263) [Link]

I never claimed projects.sf.net is the same as www.sf.net. You would have found out by running /usr/bin/host anyway.

Firefox security status

Posted Jun 8, 2007 22:02 UTC (Fri) by Los__D (guest, #15263) [Link]

We were discussing if one will need more than one IP for several hosts, I thought that your www.sf.net/*.sf.net suggestion was about using one IP, also for www.sf.net.

I was obviously mistaken.