httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 60028] New: mod_ssl does not accept expired client certificates even with SSLVerifyClient optional_no_ca
Date Mon, 22 Aug 2016 07:30:29 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=60028

            Bug ID: 60028
           Summary: mod_ssl does not accept expired client certificates
                    even with SSLVerifyClient optional_no_ca
           Product: Apache httpd-2
           Version: 2.4.23
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@httpd.apache.org
          Reporter: pascal.ernster@rub.de

mod_ssl does not accept expired client certificates even if the SSLVerifyClient
directive is set to "optional_no_ca". Self-signed certificates are accepted,
but expired certificates are not.

IMHO this doesn't match the description in the official manual and is thus a
bug:

"optional_no_ca: the client may present a valid Certificate but it need not to
be (successfully) verifiable"

https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslverifyclient

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message