httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 46773] New: SSLClientVerify directive not processed in documented directory order
Date Thu, 26 Feb 2009 14:56:50 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=46773

           Summary: SSLClientVerify directive not processed in documented
                    directory order
           Product: Apache httpd-2
           Version: 2.2.11
          Platform: Sun
        OS/Version: Solaris
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Runtime Config
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: dan.cushing@netideasinc.com


The configuration directives for Directory containers are supposed to be
processed in order of shortest to longest, to allow a general configuration to
be overridden by more specific subdirectory directives.  In the configuration
below I have specified 'SSLClientVerify require' globally.  In the registration
directory, where we cannot yet have it protected, I have specified
'SSLClientVerify none'.  I expected that to override the higher level directive
and allow this subdirectory to be accessed without a client certificate. 
Instead, it still requires a certificate to be presented.

<Directory "/webapp/root">
  Options None
  AllowOverride None
  Order Allow,Deny
  Allow from all
  SSLVerifyClient require
  SSLVerifyDepth 5
  AuthName "Web App Name"
  AuthType Basic
  AuthBasicProvider ldap
  AuthLDAPURL ldap://127.0.0.1/o=netideasinc.com?uid?one
  Require ldap-group cn=RegisteredUsers,ou=Groups,o=netideasinc.com
</Directory>

<Directory /webapp/root/registration">
  Options None
  Order Allow,Deny
  Allow from all
  SSLVerifyClient none
  AuthName "Web App Name"
  AuthType Basic
  AuthBasicProvider ldap
  AuthLDAPURL ldap://127.0.0.1/o=netideasinc.com?uid?one
  Require ldap-group cn=RegisteredUsers,ou=Groups,o=netideasinc.com
</Directory>

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message