SquaresDB: Apparently I can check peer name
author Alex Dehnert <alex@dehnerts.com>
Fri, 9 Jul 2021 00:22:40 +0000 (20:22 -0400)
committer Alex Dehnert <alex@dehnerts.com>
Fri, 9 Jul 2021 00:22:40 +0000 (20:22 -0400)
I'm guessing that by passing ProxyPreserveHost, I make it accept
squaresdb.dehnerts.com in the cert? In any case, it seems to work now.

sites-available/mit-proxy.conf

index b3d06f6e24c184f617e01894426f40001cddd1cb..7da8eb2b5c0324a94b40c8d76602e5265e978e93 100644 (file)
@@ -17,9 +17,7 @@
     SSLProxyVerify require
     SSLProxyVerifyDepth 2
     SSLProxyCACertificatePath /etc/ssl/certs
-    # Really I want to validate that the name matches squaresdb.dehnerts.com,
-    # but apparently that's not a thing, AFAICT.
-    SSLProxyCheckPeerName off
+    SSLProxyCheckPeerName on
     ProxyPass "/"  "https://squaresdb.lushan-vms.dehnerts.com/"
     ProxyPassReverse "/"  "https://squaresdb.lushan-vms.dehnerts.com/"
     ProxyPreserveHost on
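
Review bot: The new `SSLProxyCheckPeerName on` line drops the old comment without recording which name the backend certificate is now checked against. The `ProxyPass` target is `squaresdb.lushan-vms.dehnerts.com`, while `ProxyPreserveHost on` forwards the client's Host header, and the commit message only guesses that the latter is why `squaresdb.dehnerts.com` is accepted. Suggest replacing the removed comment with one that states the expected certificate name and notes the dependency on `ProxyPreserveHost on`, so that a later edit to that directive does not silently change or break verification. It is also worth confirming that a backend certificate with a non-matching name is refused, since "seems to work" only covers the accepting case.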