httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 50094] New: Report information about certificate when validation fails
Date Thu, 14 Oct 2010 12:59:43 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=50094

           Summary: Report information about certificate when validation
                    fails
           Product: Apache httpd-2
           Version: 2.2.16
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: lat@cern.ch


The attached patch implements better error reporting when client certificate
verification fails. It hasn't seen much real-life use yet, but we're testing it
on 2.2.16 based server. As far as I can tell it provides desired better error
reporting. It seems code in 2.3.8 is still the same in this area.

Currently if client certificate verification fails, there's relatively little
in server logs to allow diagnosis of what went wrong - there's no information
about the certificate or the issuer. This patch reports subject and issuer
names as well as certificate validity period.

We hope this helps us better determine why errors happen, and to harvest useful
warnings for operators from the logs.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message