httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Covener" <>
Subject Re: LDAPTrustedClientCert?
Date Fri, 10 Nov 2006 00:34:26 GMT
FWIW, openldap HEAD now has a fix that eliminates the need for the
ugly SSL_library_init() call I had in my "illustrative" patch.

Executive Summary:

per apache doc Novell doesn't use per-connection client certs

per apache doc WIN32 doesn't use per-connection client certs (unknown,
maybe windows magic outside of httpd config)

per apache doc, Moz/NS should be able to push a cert nickname per
directory, AFAICT this is a no-go w/ the 2.2.3/trunk code because of
the client_cert array not being managed correctly.

per apache doc, openldap should be able to set client key/cert per
directory, AFAICT this is unsupported in openldap until HEAD today.
Confirmed by openldap committer on IRC this evening.

I'll respin a patch that de-emphasizes "works with openldap alpha" and
focuses more on making the "tls cert" doc and code sane.

Eric Covener

View raw message