From 7cc6042d049258fbea44d290a0d922b43f610bf0 Mon Sep 17 00:00:00 2001
From: Alex Dehnert
Date: Thu, 8 Jul 2021 20:22:40 -0400
Subject: [PATCH] SquaresDB: Apparently I can check peer name

I'm guessing that by passing ProxyPreserveHost, I make it accept squaresdb.dehnerts.com in the cert? In any case, it seems to work now.
---
 sites-available/mit-proxy.conf | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/sites-available/mit-proxy.conf b/sites-available/mit-proxy.conf
index b3d06f6..7da8eb2 100644
--- a/sites-available/mit-proxy.conf
+++ b/sites-available/mit-proxy.conf
@@ -17,9 +17,7 @@
 SSLProxyVerify require
 SSLProxyVerifyDepth 2
 SSLProxyCACertificatePath /etc/ssl/certs
- # Really I want to validate that the name matches squaresdb.dehnerts.com,
- # but apparently that's not a thing, AFAICT.
- SSLProxyCheckPeerName off
+ SSLProxyCheckPeerName on
 ProxyPass "/" "https://squaresdb.lushan-vms.dehnerts.com/"
 ProxyPassReverse "/" "https://squaresdb.lushan-vms.dehnerts.com/"
 ProxyPreserveHost on
-- 
2.34.1
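Review bot: The new `SSLProxyCheckPeerName on` line carries no comment saying which name the backend certificate is checked against, and the commit message only guesses at it. As far as I know, mod_proxy takes the name for SNI and for this check from the request's Host header when `ProxyPreserveHost on` is set, so the check depends on that directive three lines below and on whatever host names the enclosing vhost (which starts and ends outside this hunk) accepts; confirm this against the mod_ssl and mod_proxy documentation for the installed version. I would record that in place of the removed comment, e.g. `# Peer name is checked against the preserved Host (squaresdb.dehnerts.com), not the ProxyPass hostname; relies on ProxyPreserveHost on.` Because "it seems to work" only demonstrates the positive case, also confirm the check fails closed: a backend certificate issued for a different name should be rejected and logged by the proxy.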