httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ricky Burgin <ri...@burg.in>
Subject SSLVerifyClient in <Directory>
Date Sun, 06 Dec 2009 17:19:13 GMT
Hello all,

I've heard about the recent vulnerability regarding SSL renegotiations 
and from what I can tell, it seems to have broken the usage of 
SSLVerifyClient inside a httpd <Directory> directive.

I'm trying to get Apache to verify client certificates, but only for a 
specific directory on my website, yet it only seems to kick in and work 
if I do it inside the <VirtualHost> directive, but not inside a 
<Directory> directive.

I'm going by the examples presented on 
http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html#arbitraryclients yet 
they seem to suffer from the exact same issue.

Any help would be appreciated.

Best regards,
Ricky Burgin


Mime
View raw message