httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Reid <da...@jetnet.co.uk>
Subject Re: [PATCH] set username from certificates at a more appropriate time
Date Wed, 02 Feb 2005 16:57:54 GMT
Geoffrey Young wrote:
> 
> Joe Orton wrote:
> 
>>I presume this fixes #31418?  Your patch makes sense to me.  I could
>>argue that it could even be done *before* the SSLRequire checking, such
>>that the "username" is logged appropriately even if an SSLRequire
>>triggers a 403, but I doubt that matters much.
> 
> 
> fwiw that's the route that the auth providers took when we last looked at
> this - make it possible to log the user, with the understanding that the
> user might not have passed the auth process so may be completely bogus.

As Joe pointed out in a separate reply this is now done after the 
renegotiation, so it's a sensible place to do it and avoids one possible 
gotcha.

david

Mime
View raw message