Hello all,

I've heard about the recent vulnerability regarding SSL renegotiations 
and from what I can tell, it seems to have broken the usage of 
SSLVerifyClient inside a httpd <Directory> directive.

I'm trying to get Apache to verify client certificates, but only for a 
specific directory on my website, yet it only seems to kick in and work 
if I do it inside the <VirtualHost> directive, but not inside a 
<Directory> directive.

I'm going by the examples presented on 
http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html#arbitraryclients yet 
they seem to suffer from the exact same issue.

Any help would be appreciated.

Best regards,
Ricky Burgin