From 7ed979cbd4ff9cbc216c5bd0777ad78e5e1eaa6a Mon Sep 17 00:00:00 2001 From: Nick Bebout Date: Fri, 23 Aug 2013 02:07:24 +0000 Subject: [PATCH] Enable SNI for keys --- files/keyserver/sks.conf | 22 ++++++++++++++++++---- files/keyserver/ssl.conf | 4 ++-- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/files/keyserver/sks.conf b/files/keyserver/sks.conf index 769adbe758..fc5d2fe1fa 100644 --- a/files/keyserver/sks.conf +++ b/files/keyserver/sks.conf @@ -1,5 +1,6 @@ ServerName keys.fedoraproject.org Listen 80.239.156.219:11371 +NameVirtualHost *:443 LoadModule proxy_module modules/mod_proxy.so @@ -36,16 +37,29 @@ Listen 80.239.156.219:11371 Deny from all - +# ServerAdmin sysadmin-keys-members@fedoraproject.org ServerName keys.fedoraproject.org + ServerAlias keys01.fedoraproject.org + + SSLEngine on + SSLCertificateFile /etc/pki/tls/wildcard-2013.fedoraproject.org.cert + SSLCertificateKeyFile /etc/pki/tls/wildcard-2013.fedoraproject.org.key + ProxyPass / http://localhost:11371/ + ProxyPassReverse / http://localhost:11371/ + + + ServerAdmin sysadmin-keys-members@fedoraproject.org + ServerName pool.sks-keyservers.net + ServerAlias sks-keyservers.net + ServerAlias *.sks-keyservers.net SSLEngine on SSLCertificateFile /etc/pki/tls/keys_fedoraproject_org.crt.pem SSLCertificateKeyFile /etc/pki/tls/keys_fedoraproject_org.key - ProxyPass / http://localhost:11371/ - ProxyPassReverse / http://localhost:11371/ + ProxyPass / http://localhost:11371/ + ProxyPassReverse / http://localhost:11371/ ServerAdmin sysadmin-keys-members@fedoraproject.org @@ -54,4 +68,4 @@ Listen 80.239.156.219:11371 ProxyPassReverse / http://127.0.0.1:11371/ SetEnv proxy-nokeepalive 1 - +# diff --git a/files/keyserver/ssl.conf b/files/keyserver/ssl.conf index 3218a3d6f5..c1ed75057a 100644 --- a/files/keyserver/ssl.conf +++ b/files/keyserver/ssl.conf 
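Review bot: The `keys.fedoraproject.org` vhost added in the second sks.conf hunk loads `/etc/pki/tls/wildcard-2013.fedoraproject.org.key`, which puts the private key for the whole fedoraproject.org wildcard on the keyserver host. Before this change the same vhost used `keys_fedoraproject_org.key`, which, judging by its file name, was scoped to this one service, so a compromise of the host now exposes every name the wildcard covers. A host-specific certificate carrying `keys` and `keys01` as subject alternative names would keep that exposure limited, e.g. `SSLCertificateKeyFile /etc/pki/tls/<host-specific>.key` (placeholder path). Clients that send no SNI are served whichever 443 vhost Apache reads first, so a comment such as `# default for non-SNI clients` on the intended one would document the fallback. The vhost opening tags are not visible in this rendering, so I cannot confirm that their address matches `NameVirtualHost *:443`.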
@@ -75,8 +75,8 @@ SSLCryptoDevice builtin # General setup for the virtual host, inherited from global configuration #DocumentRoot "/var/www/html" - ProxyPass / http://localhost:11371/ - ProxyPassReverse / http://localhost:11371/ + # ProxyPass / http://localhost:11371/ + # ProxyPassReverse / http://localhost:11371/ #ServerName www.example.com:443 # Use separate log files for the SSL virtual host; note that LogLevel
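Review bot: Commenting out both `ProxyPass` lines leaves the SSL vhost in ssl.conf with no proxy rule, and because `#DocumentRoot` is also commented out, any request that still reaches it would presumably be served from the global document root rather than from SKS. If the name-based vhosts in sks.conf are meant to take over all of port 443, a comment saying so would make that clear, e.g. `# Proxying to SKS is handled by the *:443 vhosts in sks.conf`. Alternatively the two lines could be deleted instead of left as dead configuration. The vhost's opening tag and its certificate directives lie outside this hunk, so whether it can still be selected for a connection is not visible here.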