httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 12355] - SSLVerifyClient directive in location make post to PHP script impossible
Date Tue, 18 Oct 2005 17:34:10 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=12355>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=12355





------- Additional Comments From asf-bugzilla@sentries.org  2005-10-18 19:34 -------
(In reply to comment #41)

> This patch can be applied to 2.0.54.

The patch can be applied to 2.0.55 aswell, and it allows using the
following setup:

  SSLVerifyClient optional
  <Location /subversion>
    DAV svn
    SVNParentPath /path/to/reps
    AuthzSVNAccessFile /path/to/accessfile
    SSLVerifyClient require
    SSLUserName SSL_CLIENT_S_DN_CN
    SSLOptions +StrictRequire
  </Location>

I used Subversion 1.2.3 clients on Linux and Windows for successful
testing.

It is important to note that with the above configuration, access to
the Subversion repository requires a client certificate, while other
areas of the server can be accessed without certificates (i.e. webmail
via HTTPS). Judging from my tests, this desired behaviour can not be
achieved based on vanilla 2.0.55 sources, so I strongly welcome Joe's
patch and hope it will be included as a 2.0.x backport in the future.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message