httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" <madhusudan_mathiha...@hp.com>
Subject RE: [PATCH] mod_SSL with Client Authentication
Date Wed, 22 Aug 2001 18:14:44 GMT
Ideally, we should be verifying for a failed Client authentication soon
after a SSL_accept, and a connection closed accordingly.

The stuff that's being done in ssl_hook_Access is mostly to ensure that the
certificate has proper permissions to access that location. It's mostly
concerned with the "SSLRequire" parameter.

Thanks
-Madhu

-----Original Message-----
From: Doug MacEachern [mailto:dougm@covalent.net]
Sent: Wednesday, August 22, 2001 10:56 AM
To: 'new-httpd@apache.org'
Subject: Re: [PATCH] mod_SSL with Client Authentication


On Tue, 21 Aug 2001, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:

> Hi,
> 	I've enabled Client Auth in mod_ssl. The change is pretty simple -
> the only thing that was to be done was to verify if the return value of a
> SSL handshake had given an error. (Most part of the code was borrowed from
> the existing logic in ssl_engine_kernel.c).

client auth is enabled/working in ssl_hook_Access, do you know why it
needs to be implemented here as well?  i realize the 1.x code does this
too, is it to avoid re-negotiation?  i guess that would make sense
performance wise.  i'll take a closer look at your patch soon.






Mime
View raw message