httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" <>
Subject RE: [PATCH] mod_SSL with Client Authentication
Date Wed, 22 Aug 2001 20:25:16 GMT
Yup.. you're right. That's the reason why the client certificate parameters
are maintained in the connection context - so that when a access check is
being performed, a renegotiation is not triggered (again).. 

Another TODO item in the modules/ssl/README file can be removed :
o Remember the Peer Certificate parameters.


-----Original Message-----
From: Doug MacEachern []
Sent: Wednesday, August 22, 2001 12:54 PM
To: ''
Subject: RE: [PATCH] mod_SSL with Client Authentication

On Wed, 22 Aug 2001, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:

> Ideally, we should be verifying for a failed Client authentication soon
> after a SSL_accept, and a connection closed accordingly.

ok, thats in, thanks.
> The stuff that's being done in ssl_hook_Access is mostly to ensure that
> certificate has proper permissions to access that location. It's mostly
> concerned with the "SSLRequire" parameter.

also for per-location client auth (SSLVerify*).  it would also handle
per-server SSLVerify too, but triggers renegotiation, which it shouldn't
now with your patch in.

View raw message