[jdev] virtual hosting and certificate checking

[Norman Rasmussen]

> This can be problematic for virtual hosting. Consider the following
> scenario:
>
> - - shakespeare.lit runs an XMPP server.
>
> - - shakespeare.lit hosts XMPP services for denmark.lit, montague.lit,
> capulet.lit, etc.
>
> There are two possibilities I can see.

Don't forget option #3:

Just like HTTPS, each hostname/certificate has to have it's own IP
address - this is so that we can tell which certificate to present
based on the IP the client has just connected to.

Unfortunately it's a wastage of IP addresses, but it's something that
most server admins / cert issuers understand already.

Of course, this isn't to say that Option #2 is a better idea, I was
just saying that there's a work around for some servers/situations.

--
- Norman Rasmussen
 - Email: norman at rasmussen.co.za
 - Home page: http://norman.rasmussen.co.za/