httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 35083] - Certificate validation problems trapping
Date Wed, 17 Aug 2005 10:29:17 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=35083>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=35083


jorton@redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX




------- Additional Comments From jorton@redhat.com  2005-08-17 12:29 -------
I'm not convinced this is necessary.  mod_ssl should be reporting errors at
TLS-level for TLS-level problems like bad certs.  If browsers handle that badly
then fix the browsers.

If you do want custom HTML responses for cert validation problems, it should be
possible already using "SSLVerifyClient optional" with SSLRequire and a custom
403 errordoc.  What about the current code prevents that?  Possibly more
information needs to be exported to get to the "certificate has expired" stuff.
 2.1's SSL_CLIENT_V_REMAIN might be sufficient for that.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message