SquaresDB: Apparently I can check peer name

[sysconfig/apache2.git] / sites-available / mit-proxy.conf

diff --git a/sites-available/mit-proxy.conf b/sites-available/mit-proxy.conf
index b3d06f6e24c184f617e01894426f40001cddd1cb..7da8eb2b5c0324a94b40c8d76602e5265e978e93 100644 (file)
--- a/sites-available/mit-proxy.conf
+++ b/sites-available/mit-proxy.conf
@@ -17,9 +17,7 @@
     SSLProxyVerify require
     SSLProxyVerifyDepth 2
     SSLProxyCACertificatePath /etc/ssl/certs
-    # Really I want to validate that the name matches squaresdb.dehnerts.com,
-    # but apparently that's not a thing, AFAICT.
-    SSLProxyCheckPeerName off
+    SSLProxyCheckPeerName on
     ProxyPass "/"  "https://squaresdb.lushan-vms.dehnerts.com/"
     ProxyPassReverse "/"  "https://squaresdb.lushan-vms.dehnerts.com/"
     ProxyPreserveHost on