httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 46355] Support to protect multiple resources via x.509 client auth certificates that are issued off different Issuing CAs that are issued off the same Root CA
Date Tue, 23 Jun 2009 14:41:15 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=46355


Joe Orton <jorton@redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




--- Comment #1 from Joe Orton <jorton@redhat.com>  2009-06-23 07:41:14 PST ---
It's not possible to do exactly what you're requesting with OpenSSL.

It is technically feasible to simply:

 - configure the root CA as SSLCACertificateFile
 - in per-directory context, use SSLRequire to check that the client cert is
issued by the appropriate intermediary, by comparing the appropriate field in
the client's issuer DN - SSL_CLIENT_I_DN_*

though there may be deployment issues with that if you are expecting any given
client to have more than one cert.

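The approach described in Comment #1, written out as an added example (not part of the original message or of the httpd project's own documentation). The file paths, location names and issuing CA names are placeholders.

```apache
# Added example; every path, location and CA name below is a placeholder.
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/server.crt
    SSLCertificateKeyFile /etc/httpd/ssl/server.key

    # Trust anchor: only the shared root CA is configured.
    SSLCACertificateFile  /etc/httpd/ssl/root-ca.pem
    SSLVerifyClient       require
    # Allow the chain client cert -> issuing CA -> root.
    SSLVerifyDepth        2

    # Chain validation above accepts a certificate from ANY issuing CA
    # under the root, so each protected resource needs its own issuer check.
    # A location without an SSLRequire line is open to all of them.
    <Location /app-a>
        SSLRequire %{SSL_CLIENT_I_DN_O}  eq "Example Org" \
               and %{SSL_CLIENT_I_DN_CN} eq "Example Issuing CA A"
    </Location>

    <Location /app-b>
        SSLRequire %{SSL_CLIENT_I_DN_O}  eq "Example Org" \
               and %{SSL_CLIENT_I_DN_CN} eq "Example Issuing CA B"
    </Location>
</VirtualHost>
```

The issuer check is a string comparison on DN fields, so it is only as strong as the root CA's guarantee that no other intermediate under it carries the same names. In httpd 2.4 and later, SSLRequire is deprecated in favour of Require expr.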