httpd-dev mailing list archives

From: "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" <madhusudan_mathiha...@hp.com>
Subject: RE: [PATCH] mod_SSL with Client Authentication
Date: Wed, 22 Aug 2001 20:25:16 GMT

Yup.. you're right. That's the reason why the client certificate parameters
are maintained in the connection context - so that when an access check is
being performed, a renegotiation is not triggered (again)..

Another TODO item in the modules/ssl/README file can be removed :
o Remember the Peer Certificate parameters.

Thanks
-Madhu

-----Original Message-----
From: Doug MacEachern [mailto:dougm@covalent.net]
Sent: Wednesday, August 22, 2001 12:54 PM
To: 'dev@httpd.apache.org'
Subject: RE: [PATCH] mod_SSL with Client Authentication


On Wed, 22 Aug 2001, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:

> Ideally, we should be verifying for a failed Client authentication soon
> after a SSL_accept, and a connection closed accordingly.

ok, that's in, thanks.
 
> The stuff that's being done in ssl_hook_Access is mostly to ensure that the
> certificate has proper permissions to access that location. It's mostly
> concerned with the "SSLRequire" parameter.

also for per-location client auth (SSLVerify*).  it would also handle
per-server SSLVerify too, but triggers renegotiation, which it shouldn't
now with your patch in.
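
For reference, an added configuration sketch of the cases the thread distinguishes (not part of either message or of the patch). Hostnames, file paths and the DN value are placeholders chosen for illustration.

```apache
# Constructed example; hostnames, paths and the DN value are placeholders.

# Case 1: per-server client authentication.
# The client certificate is requested in the initial handshake, so a failed
# verification is known as soon as the handshake (SSL_accept) completes.
<VirtualHost *:443>
    ServerName secure.example.com
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key
    SSLCACertificateFile  /path/to/client-ca.crt
    SSLVerifyClient require
    SSLVerifyDepth  2

    # Authorization on top of the already verified certificate.
    # SSLRequire is evaluated in the access check; the verification settings
    # here match the server-wide ones, so the peer certificate already held
    # for the connection is enough and no renegotiation is needed.
    <Location /members>
        SSLRequire %{SSL_CLIENT_S_DN_O} eq "Example Org"
    </Location>
</VirtualHost>

# Case 2: per-location client authentication.
# The initial handshake asks for no certificate. A request for /admin needs
# stricter settings than the connection was negotiated with, so the access
# check has to renegotiate to obtain and verify a client certificate.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key
    SSLCACertificateFile  /path/to/client-ca.crt
    SSLVerifyClient none

    <Location /admin>
        SSLVerifyClient require
        SSLVerifyDepth  1
    </Location>
</VirtualHost>
```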



