Hello all,

I've heard about the recent vulnerability regarding SSL renegotiations and from what I can tell, it seems to have broken the usage of SSLVerifyClient inside a httpd <Directory> directive.

I'm trying to get Apache to verify client certificates, but only for a specific directory on my website, yet it only seems to kick in and work if I do it inside the <VirtualHost> directive, but not inside a <Directory> directive.

I'm going by the examples presented on http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html#arbitraryclients yet they seem to suffer from the exact same issue.

Any help would be appreciated.

Best regards,
Ricky Burgin