httpd-bugs mailing list archives

Subject DO NOT REPLY [Bug 46355] Support to protect multiple resources via x.509 client auth certificates that are issued off different Issuing CAs that are issued off the same Root CA
Date Tue, 23 Jun 2009 14:41:15 GMT

Joe Orton changed:

           What    |Removed                     |Added
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID

--- Comment #1 from Joe Orton  2009-06-23 07:41:14 PST ---
It's not possible to do exactly what you're requesting with OpenSSL.

It is technically feasible to simply:

 - configure the root CA as SSLCACertificateFile
 - in per-directory context, use SSLRequire to check that the client cert is
issued by the appropriate intermediary, by comparing the appropriate field in
the client's issuer DN - SSL_CLIENT_I_DN_*

though there may be deployment issues with that if you are expecting any given
client to have more than one cert.

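The configuration described in the comment above, as an added example that is not part of the original message or the httpd project's own documentation. The host name, file paths, directory names and issuer CN values are hypothetical placeholders, and it assumes clients send their intermediate certificate in the handshake.

```apache
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/server.crt
    SSLCertificateKeyFile /etc/httpd/ssl/server.key

    # Trust anchor: only the shared root CA (hypothetical path).
    # Any certificate chaining to this root passes verification.
    SSLCACertificateFile /etc/httpd/ssl/root-ca.crt
    SSLVerifyClient require
    # Chain is root -> issuing CA -> client certificate, so depth 2 is needed.
    SSLVerifyDepth 2

    # Resource A: accept only client certs issued by issuing CA "A".
    <Directory "/var/www/app-a">
        SSLRequire %{SSL_CLIENT_I_DN_CN} eq "Example Issuing CA A"
    </Directory>

    # Resource B: accept only client certs issued by issuing CA "B".
    <Directory "/var/www/app-b">
        SSLRequire %{SSL_CLIENT_I_DN_CN} eq "Example Issuing CA B"
    </Directory>
</VirtualHost>
```

The SSLRequire test is a string comparison on one field of the issuer DN, so it is only as strong as the root CA's control over the names it grants to issuing CAs. In httpd 2.4, SSLRequire is deprecated in favour of `Require expr`.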