httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 52630] Firefox can't access SSL websites with client authentication and when using a symlink to a directory of CA certs
Date Fri, 10 Feb 2012 14:36:50 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=52630

Christoph Anton Mitterer <calestyo@scientia.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|2.2.16                      |2.2.22

--- Comment #4 from Christoph Anton Mitterer <calestyo@scientia.net> 2012-02-10 14:36:50 UTC ---
Did some more testing:

At least Apache 2.2.22 is still affected...


More important,.. while I still think that there's something fishy in Firefox
(because things work in Chromium) I guess now that this is more a bug in Apache
than in FF.

I have basically this configuration for client auth:
        SSLCACertificatePath pki/virtual-hosts/lcg-lrz-monitoring.grid.lrz.de/client.crt.d
        SSLCADNRequestPath pki/virtual-hosts/lcg-lrz-monitoring.grid.lrz.de/client.acceptable-CA-DNs.crt.d
        SSLCARevocationPath pki/virtual-hosts/lcg-lrz-monitoring.grid.lrz.de/client.crl.d

All these three files are actually symbolic links to the directory
/etc/grid-security/certificates , where the grid CA cert bundle from the
International Grid Trust Federation lies.

When I replace the above with:
        SSLCACertificatePath /etc/grid-security/certificates
        SSLCADNRequestPath /etc/grid-security/certificates
        SSLCARevocationPath /etc/grid-security/certificates
then client auth works also in FF.

Not sure whether this is a bug in Apache or OpenSSL, though.


I've also tested the configuration with symlinks and adding a trailing "/" on
each symlink. This _doesn't_ help.


Cheers,
Chris.
