httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 47492] SSLVerifyClient require_no_ca
Date Fri, 07 Aug 2009 15:39:28 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=47492



--- Comment #1 from Andre Cruz <andre@cabine.org> 2009-08-07 08:39:26 PDT ---
Does this patch work?

I set up a path like this:
    <Location /LoginWithCert.do>
      SSLVerifyClient require_no_ca
      SSLOptions +OptRenegotiate
    </Location>

The browser asked me for a certificate when the SSL was renegotiated (the outer
context has SSLVerifyClient none) and the following appeared in the log:

[Fri Aug 07 16:26:04 2009] [error] Re-negotiation handshake failed: Client verification failed

A "Forbidden" was returned to the browser (Firefox 3.5.2). FYI, the patch does
not apply cleanly to 2.1.12 and the certificate I sent is self-signed.

Also, when I don't send a client certificate, an error page appears in Firefox;
this can be a Firefox problem... This appears in the server log:

[Fri Aug 07 16:38:14 2009] [debug] ssl_engine_kernel.c(1772): OpenSSL: Write: SSLv3 read client certificate B
[Fri Aug 07 16:38:14 2009] [debug] ssl_engine_kernel.c(1791): OpenSSL: Exit: error in SSLv3 read client certificate B
[Fri Aug 07 16:38:14 2009] [error] Re-negotiation handshake failed: Not accepted by client!?

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
