Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 49059 invoked from network); 28 Aug 2008 17:45:51 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 28 Aug 2008 17:45:51 -0000 Received: (qmail 19482 invoked by uid 500); 28 Aug 2008 17:45:46 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 19434 invoked by uid 500); 28 Aug 2008 17:45:46 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 19423 invoked by uid 99); 28 Aug 2008 17:45:46 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 28 Aug 2008 10:45:46 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [62.75.148.60] (HELO appendix.velox.ch) (62.75.148.60) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 28 Aug 2008 17:44:45 +0000 Received: from cortex.velox.ch (77-56-88-217.dclient.hispeed.ch [77.56.88.217]) (authenticated bits=0) by appendix.velox.ch (8.14.2/8.14.2/2.0) with ESMTP id m7SHjBGu025898 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Thu, 28 Aug 2008 19:45:14 +0200 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=velox.ch; s=appendix-177f; t=1219945514; bh=I4hdu6HlWqXZm7FFO0BqFxZZiay/KYomV iIGtvgL9QQ=; h=Message-ID:Date:From:MIME-Version:To:Subject: References:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=o 7fFvrUHW3UV9mjOSgOE/Ni7KTRBikSfSoHttAWld4uZC8GKWG82ie+Lsqq20jDvbIpn dQcPaEYGQnspg/yY0hWKhK1TeAULw0g3AcW1SMh3wmVn7T7dVK0Dqqx/35CLqvH/nGF J3oqfvuUyFS/i2y9PdX6cFbMzU7NxiGDZbFgZnrgbffNRuZ92qKCPlk8pOHAt/p/qV8 pGDVGrCVnEcAQSTUx4Di1298AjI1Hm1XGIMj3tBo0FGwz6O5djOC1JiBsB7wixiVSI+ NREICTr1p9kmtiYmg2V6ad4iOyqFnCOfcEGDqvC6/GhIZcynYh17xAMTiBQ9zQPHtaM i7JRwQ== Message-ID: <48B6E426.2020609@velox.ch> DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=velox.ch; s=cortex-8a58; t=1219945516; bh=I4hdu6HlWqXZm7FFO0BqFxZZiay/KYomViI GtvgL9QQ=; h=Date:From:MIME-Version:To:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=Y4XI//uSniMD 7cZrBTR7NuIYfOXGAgdf3bm1nIcadYWVe5JlGXHIMbSZOXWsXjX3Y+2LvAIS1PF9xdq BB+KzvnIxefOunf2ZPy4pApTCAFV9obCiCCchJqgaJoKjyahFSkg8rgg7/4spu2potM cRzAjD7mkOOKWAwedHC5Rtu/SahOdMUMOkTMeaj/ONV7pYH15JglFZiHWhrh5Kby6hM 9sP7xDSJsSBDwyuH5/ALs0lkGoH8Lptk6t1lqWT9q5mrWNzkrHlJ41eguS6dPkQ/cll WzZ1BkiKfcjeKZR/5Ux91IlMQwZqf6M3XwSR98sqVozt6L5mRez19fxvmkZuWw== Date: Thu, 28 Aug 2008 19:45:10 +0200 From: Kaspar Brand User-Agent: Thunderbird 2.0.0.16 (Windows/20080708) MIME-Version: 1.0 To: dev@httpd.apache.org Subject: Re: SNI in 2.2.x (Re: Time for 2.2.10?) References: <48AA6528.1090301@velox.ch> <200808201206.33906.oeriksson@mandriva.com> <200808281815.30555.oeriksson@mandriva.com> <48B6DCC0.3010607@velox.ch> In-Reply-To: <48B6DCC0.3010607@velox.ch> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org I wrote: > When I added the second condition to the first if statement, I was > assuming that the default for auth.verify_depth is UNSET as well. > However, it's initialized to "1" (i.e. SSL_CVERIFY_OPTIONAL) ^^^^^^^^^^^^^^^^^^^^ Wrong, of course - this macro applies to verify_*mode* (not verify_depth). > Oden, if you change the line > > (sc->server->auth.verify_depth != UNSET)) { > to > (sc->server->auth.verify_depth != SSL_CVERIFY_OPTIONAL)) { Sorry, should consequently be changed to (sc->server->auth.verify_depth != 1)) { Kaspar