httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 50094] New: Report information about certificate when validation fails
Date Thu, 14 Oct 2010 12:59:43 GMT

           Summary: Report information about certificate when validation
           Product: Apache httpd-2
           Version: 2.2.16
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: mod_ssl

The attached patch implements better error reporting when client certificate
verification fails. It hasn't seen much real-life use yet, but we're testing it
on 2.2.16 based server. As far as I can tell it provides desired better error
reporting. It seems code in 2.3.8 is still the same in this area.

Currently if client certificate verification fails, there's relatively little
in server logs to allow diagnosis of what went wrong - there's no information
about the certificate or the issuer. This patch reports subject and issuer
names as well as certificate validity period.

We hope this helps us better determine why errors happen, and to harvest useful
warnings for operators from the logs.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message