I've heard about the recent vulnerability regarding SSL renegotiations
and from what I can tell, it seems to have broken the usage of
SSLVerifyClient inside a httpd <Directory> directive.
I'm trying to get Apache to verify client certificates, but only for a
specific directory on my website, yet it only seems to kick in and work
if I do it inside the <VirtualHost> directive, but not inside a
I'm going by the examples presented on http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html#arbitraryclients
yet they seem to suffer from the exact same issue.
Any help would be appreciated.