httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 14560] - SSLCertificateChainFile behaviour different or broken vs. apache v1.3.x
Date Fri, 28 Feb 2003 21:51:09 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14560>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14560

SSLCertificateChainFile behaviour different or broken vs. apache v1.3.x

------- Additional Comments From ballou@crab.mv.com  2003-02-28 21:51 -------
I think this is because the boolean skip_first in ssl_init_ctx_cert_chain is
mistakenly initialized as TRUE (should be FALSE).  This means the first
certificate in the SSLCertificateChain file is always ignored.  (The intent
seems to be to allow the same file to be named in the SSLCertificateFile and
SSLCertificateChainFile directives.  If this is the case, the code assumes the
first certificate in the chain file is the SSL server's certificate.  This
certificate is skipped when adding the extra certificates to the SSL context.)

I have tested the attached patch against version 2.0.44 and verified that it
causes the SSLCertificateChainFile directive to work as documented.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
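
The effect described in the comment above, as an added example (not part of the original message and not mod_ssl code): a Python check that compares the file named in SSLCertificateFile with the one named in SSLCertificateChainFile and reports which chain certificates are passed on for each value of skip_first. The function names and the sample PEM blocks are constructed for illustration; the payloads are placeholder bytes, not real X.509 certificates.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def pem_certs(text):
    """Decode every CERTIFICATE block in a PEM file, in file order."""
    return [base64.b64decode("".join(b.split())) for b in PEM_RE.findall(text)]

def fp(der):
    """Short SHA-256 fingerprint used to identify a certificate in the report."""
    return hashlib.sha256(der).hexdigest()[:16]

def extra_chain(chain_pem, skip_first):
    """Chain certificates handed to the SSL context for a given skip_first."""
    certs = pem_certs(chain_pem)
    return certs[1:] if skip_first else certs

def audit(server_pem, chain_pem):
    """Compare both files and report what an unconditional skip would drop."""
    server = pem_certs(server_pem)[0]
    chain = pem_certs(chain_pem)
    leads = bool(chain) and chain[0] == server
    return {
        "chain_starts_with_server_cert": leads,
        "sent_skip_first_true": [fp(c) for c in extra_chain(chain_pem, True)],
        "sent_skip_first_false": [fp(c) for c in extra_chain(chain_pem, False)],
        # Only a loss when the skipped certificate is not the server's own.
        "dropped_by_skip": fp(chain[0]) if chain and not leads else None,
    }

def make_pem(payload):
    """Constructed sample block: placeholder bytes, not a real certificate."""
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed inputs (assumption: one server cert, one intermediate, one root).
SERVER, INTER, ROOT = (make_pem(p) for p in
                       (b"sample-server", b"sample-intermediate", b"sample-root"))

if __name__ == "__main__":
    for name, chain in (("chain-only file", INTER + ROOT),
                        ("combined file", SERVER + INTER + ROOT)):
        print(name, audit(SERVER, chain))
```

A non-empty `dropped_by_skip` means the chain file does not begin with the server certificate, so skipping its first entry removes an intermediate that clients need to build the path.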

