[cups.general] ServerName not used accesing admin in GUI

[Michael Sweet]

On Mar 17, 2010, at 1:06 AM, Victor wrote:
> As far as i known, the certificate does not use IP addresses, so you do not have to know if it is a CNAME or an A DNS record. Therefore, we made a quick test. On schedule/client.c we added the line:

The certificate uses a "common name", which the browser compares to the name used in the URL. However, the server can't know which hostname was used when accepting an SSL connection so the use of CNAME's is strongly discouraged since it makes it very easy for the names to not match.

The usual way of dealing with this is to get a domain certificate and than use multiple A (or AAAA) records to point to the servers.  That way both the specific (server1.printserver.example.com) and generic (printserver.example.com) work.

> strcpy (con->servername, "printserver");
> 
> And we have verified that this way works without the browser will indicate that the certificate is invalid.
> 
> Is there something wrong with this? Why not use ServerName variable?

Because you didn't connect with the ServerName? If we don't set the server name properly then we can end up directing the user to an address that doesn't work...

We could consider using the name passed in the Host: field of the client's request, however that can still be the "wrong" name.

________________________________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair