Changes between Version 1 and Version 2 of Ticket #848, comment 7
- 04/27/16 12:19:08 (6 years ago)
v1 v2 3 3 If someone has a valid certificate and then changes subdomain to access a different project, authentication is required again and everything works fine. 4 4 If someone hasn't any valid certificate, he can access the first subdomain without problems, but if he changes subdomain, he gets a 400 error (client attempted to request the server name different from that one was negotiated while reading client request headers). 5 I think that the server should simply authenticate again if subdomain changes in order to solve this. 5 6 ''I think that the server should simply authenticate again if subdomain changes in order to solve this.'' 7 Edit: I think that the server should simply accept connections for different subdomains if the server certificate is valid for both subdomains, since this is what it does when ssl_verify_client is turned off. 8 6 9 If ssl_verify_client is set to on or off, the problem disappears but I have to make changes to my web application to use only/avoid certificate authentication. 7 10 This happens with both Firefox and Chrome so I think I can't complain to browser vendors.