httpd-bugs mailing list archives

Subject DO NOT REPLY [Bug 47492] SSLVerifyClient require_no_ca
Date Fri, 07 Aug 2009 15:39:28 GMT

--- Comment #1 from Andre Cruz <> 2009-08-07 08:39:26 PDT ---
Does this patch work?

I set up a path like this:
    <Location />
      SSLVerifyClient require_no_ca
      SSLOptions +OptRenegotiate
    </Location>

The browser asked me for a certificate when the SSL was renegotiated (the outer
context has SSLVerifyClient none) and the following appeared in the log:

[Fri Aug 07 16:26:04 2009] [error] Re-negotiation handshake failed: Client
verification failed

A "Forbidden" was returned to the browser (Firefox 3.5.2). FYI, the patch does
not apply cleanly to 2.1.12 and the certificate I sent is self-signed.

Also, when I don't send a client certificate an error page appears in Firefox;
this can be a Firefox problem... This appears in the server log:

[Fri Aug 07 16:38:14 2009] [debug] ssl_engine_kernel.c(1772): OpenSSL: Write:
SSLv3 read client certificate B
[Fri Aug 07 16:38:14 2009] [debug] ssl_engine_kernel.c(1791): OpenSSL: Exit:
error in SSLv3 read client certificate B
[Fri Aug 07 16:38:14 2009] [error] Re-negotiation handshake failed: Not
accepted by client!?
