httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 52630] Firefox can't access SSL websites with client authentication and when using a symlink to a directory of CA certs
Date Mon, 13 Feb 2012 06:01:11 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=52630

Kaspar Brand <asfbugz@velox.ch> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |INVALID

--- Comment #8 from Kaspar Brand <asfbugz@velox.ch> 2012-02-13 06:01:11 UTC ---
(In reply to comment #6)
> - something seem to be fishy between FF and Apache, as it works with Chromimum
> in both cases
> - something seems to be buggy in Apache either Apache or OpenSSL, as it also
> works with Apache, but only when I don't use a symlink to the directory.

As I also wrote in bug 52631, you need to come up with a clear description of
what you think the bug in mod_ssl is. In particular, this means providing clear
steps to reproduce, and giving details about what exactly seems to be "fishy"
or "buggy" (see e.g. point 4 at http://httpd.apache.org/bug_report.html).

(In reply to comment #7)
> It seems not to be related to symlinks. It actually happens always when I use
> relative paths, even very simply ones like just:
> SSLCACertificatePath certs/

Can't reproduce - configuring client authentication with SSLCACertificatePath
and using Firefox as the client works fine for me, either when specifying an
absolute or a relative path (under Linux, you might want to try runnning httpd
with "strace -e stat64 httpd -X" to see for what CA cert files it looks
exactly).

When a CA cert isn't available to mod_ssl, "unable to get local issuer
certificate" is clearly the expected OpenSSL error. Unless you're seeing
*other* errors in the log when connecting with Firefox, there's no mod_ssl bug
to report.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message