Curl 7.21 does not correctly call a host with a host header on https

Tags: curl, host-headers, http, https, sni

We found out that calling a host as follows using curl 7.21 or 7.24 produces an error in the Apache config (we have multiple SSL vhosts!), whereas the same command runs smoothly with curl 7.34 and higher. Does anyone know why?

Command: curl https://192.168.0.1/version -H "Host: example.domain.com" -k

This should return a version like "1.2.1". It really does with newer curls (tested 7.34 and 7.38/39) but returns a 400 with curl 7.21/7.24.

When executing with an older curl, Apache returns this:

[error] Hostname 192.168.0.1 provided via SNI and hostname example.domain.com provided via HTTP are different

Normally I would have thought this could be a problem due to missing SNI support in curl, but I've read that SNI should have been added to curl 7.18 already.

Best Answer

The described behaviour is correct. SNI is based on the URL (192.168.0.1); the Host HTTP header is set manually by you (example.domain.com).

When Apache handles this request, it gets 192.168.0.1 in SNI and uses the configuration for that vhost (probably the default). However, when the payload is decrypted, it encounters a different host => ERROR.
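
The mismatch described in the answer, as an added example that is not part of the original answer and is neither curl's nor Apache's code: a simplified model of which name ends up in SNI and which in the Host header, plus a client that presents the same name in both while connecting to the IP. The function names (`names_sent`, `vhost_status`, `fetch`) are hypothetical, and the model ignores ports in the Host header.

```python
import socket
import ssl
from urllib.parse import urlsplit


def names_sent(url, extra_headers=None):
    """Return (sni, host_header) as the answer describes the client:
    SNI comes from the URL host, Host from a manual header if one is given."""
    url_host = urlsplit(url).hostname
    host_header = url_host
    for line in extra_headers or []:
        key, _, value = line.partition(":")
        if key.strip().lower() == "host":
            host_header = value.strip()
    return url_host, host_header


def vhost_status(sni, host_header):
    """Model of the server-side check behind the quoted log line:
    a Host header that differs from the SNI name is answered with 400."""
    def norm(name):
        return name.lower().rstrip(".")
    return 200 if norm(sni) == norm(host_header) else 400


def fetch(ip, name, path="/", port=443):
    """Connect to `ip`, but present `name` in both SNI and Host.
    Returns the HTTP status line. Performs a real network request."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # same effect as curl -k
    ctx.verify_mode = ssl.CERT_NONE   # test setups only
    with socket.create_connection((ip, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=name) as tls:
            req = f"GET {path} HTTP/1.1\r\nHost: {name}\r\nConnection: close\r\n\r\n"
            tls.sendall(req.encode("ascii"))
            return tls.recv(4096).split(b"\r\n", 1)[0].decode("latin-1")


# Command from the question: the URL carries the IP, Host is overridden by hand.
MISMATCH = names_sent("https://192.168.0.1/version", ["Host: example.domain.com"])
# Name in the URL instead, so SNI and Host are derived from the same value.
MATCHED = names_sent("https://example.domain.com/version")

if __name__ == "__main__":
    print(MISMATCH, vhost_status(*MISMATCH))
    print(MATCHED, vhost_status(*MATCHED))
```

With curl itself, the `--resolve example.domain.com:443:192.168.0.1` option together with `https://example.domain.com/version` as the URL has the same effect as `fetch`: the connection goes to the IP while SNI and Host both carry the name.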