As per https://issues.apache.org/bugzilla/show_bug.cgi?id=51746, note

that wildcard certs and subjectAltName are viable solutions.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1296921 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/docs/manual/ssl/ssl_faq.html.en b/docs/manual/ssl/ssl_faq.html.en
index 047eaa184ea7596a0f57b272f97e13c873ec359f..c2c39eb408d59dfefb9e154dd969952468f83246 100644 (file)
--- a/docs/manual/ssl/ssl_faq.html.en
+++ b/docs/manual/ssl/ssl_faq.html.en
@@ -762,7 +762,13 @@ error when connecting to my newly installed server?</a></h3>
     Apache has to know the <code>Host</code> HTTP header field. To do this, the
     HTTP request header has to be read. This cannot be done before the SSL
     handshake is finished, but the information is needed in order to 
-    complete the SSL handshake phase. Bingo!</p>
+    complete the SSL handshake phase. See the next question for how to
+    circumvent this issue.</p>
+
+    <p>Note that if you have a wildcard SSL certificate, or a
+    certificate that has multple hostnames on it using subjectAltName
+    fields, you can use SSL on name-based virtual hosts without further
+    workarounds.</p>
 
 
 <h3><a name="vhosts2" id="vhosts2">Why is it not possible to use Name-Based
@@ -778,6 +784,11 @@ Virtual Hosting to identify different SSL virtual hosts?</a></h3>
     feature that only the most recent revisions of the SSL
     specification added, called Server Name Indication (SNI).</p>
 
+    <p>Note that if you have a wildcard SSL certificate, or a
+    certificate that has multple hostnames on it using subjectAltName
+    fields, you can use SSL on name-based virtual hosts without further
+    workarounds.</p>
+
     <p>The reason is that the SSL protocol is a separate layer which
     encapsulates the HTTP protocol. So the SSL session is a separate 
     transaction, that takes place before the HTTP session has begun. 

diff --git a/docs/manual/ssl/ssl_faq.xml b/docs/manual/ssl/ssl_faq.xml
index 30f5feceb548add9cee1bfcff9f6cb4fb42f2575..9093cab217441012956a1fbdbb70555c2efebb95 100644 (file)
--- a/docs/manual/ssl/ssl_faq.xml
+++ b/docs/manual/ssl/ssl_faq.xml
@@ -771,7 +771,13 @@ error when connecting to my newly installed server?</title>
     Apache has to know the <code>Host</code> HTTP header field. To do this, the
     HTTP request header has to be read. This cannot be done before the SSL
     handshake is finished, but the information is needed in order to 
-    complete the SSL handshake phase. Bingo!</p>
+    complete the SSL handshake phase. See the next question for how to
+    circumvent this issue.</p>
+
+    <p>Note that if you have a wildcard SSL certificate, or a
+    certificate that has multple hostnames on it using subjectAltName
+    fields, you can use SSL on name-based virtual hosts without further
+    workarounds.</p>
 </section>
 
 <section id="vhosts2"><title>Why is it not possible to use Name-Based
@@ -787,6 +793,11 @@ Virtual Hosting to identify different SSL virtual hosts?</title>
     feature that only the most recent revisions of the SSL
     specification added, called Server Name Indication (SNI).</p>
 
+    <p>Note that if you have a wildcard SSL certificate, or a
+    certificate that has multple hostnames on it using subjectAltName
+    fields, you can use SSL on name-based virtual hosts without further
+    workarounds.</p>
+
     <p>The reason is that the SSL protocol is a separate layer which
     encapsulates the HTTP protocol. So the SSL session is a separate 
     transaction, that takes place before the HTTP session has begun.