httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 35083] - Certificate validation problems trapping
Date Tue, 06 Sep 2005 12:48:50 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=35083>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=35083





------- Additional Comments From mstern@csc.com  2005-09-06 14:48 -------
>  - we include the whole handling in mod_ssl (no external module)
> I'm not sure what you mean by that.
I mean it becomes part of mod_ssl, it is not a separate module.
To be honest, I designed it as a module to have minimal impact on mod_ssl, in
order to speed up acceptance - bad guess.

>  - we add a general directive "SSLTrapCertifErrors"
> I am OK with a new directive which allows the admin to relax certain SSL
> certificate verification errors such as recovation status, expiry status, etc.
This does not relax anything, it just replaces a SSL error by a HTTP error (or a
custom page).
If needed, "SSLVerifyClient optional_no_ca ..." can still be used.
If it has any utility (?)

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message