httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 47055] SSLVerifyClient + Directory doesn't use cache sessions
Date Wed, 09 Sep 2009 12:23:42 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=47055



--- Comment #29 from Will Rowe <wrowe@apache.org> 2009-09-09 05:23:32 PDT ---
Just for fun, would you try; 

        SSLVerifyClient optional
        SSLVerifyDepth  10

        <Location "/test">
          SSLVerifyClient require
          SSLVerifyDepth  10
          SSLOptions +OptRenegotiate
        </Location>

The first line ensures that the client-certificate accepted session will be
honored when the user navigates from /test, to say, /data and back again,
or when they start a new request that hasn't resolved to /test.

I'm a bit confused why the same session would not be reused until the session
expires, irrespective of the URL-path.  So I'm concerned that httpd may be 
handshaking, refusing their certificate, and renegotating for the session with
the certificate immediately afterwards.  This would be suboptimal.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message