Re: [exim] SNI and DANE TLSA record monitoring

On Wed, Oct 19, 2016 at 2:35 PM, Felipe Gasper <felipe@???>
wrote:

> SNI is concerned strictly with the domain name, whereas virtual hosting
> (as I’ve seen it) concerns content.
>
> Apache’s SNI configuration is poorly conceived, in my opinion. It forces
> all domains on a given virtual host to use the same certificate, which
> makes no sense. There is no reason whatsoever why “foo.com” and “bar.com”
> should have to serve up the same certificate--regardless of whether those
> two domains serve up the same content.
>

There is *nothing* that prevents you from configuring two virtualhosts in
Apache from serving the same content, so your understanding of how that
configuration works, has some blank spots.


> Exim’s approach of making the SNI request available and allowing the admin
> to do whatever with it is much more ideal. Please do NOT change this!
>

Exim's approach is currently a bit too monolithic to be usable for mass
hosting of many domains with separate certificates, separate
configurations, and separate logfiles.

It's not ideal for that. But that's just how it is.

--
Jan