httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-WIllem van Gulik <>
Subject Re: Small things to do
Date Tue, 08 Nov 2011 23:52:45 GMT

On 8 Nov 2011, at 23:03, Daniel Ruggeri wrote:

> On 11/8/2011 3:10 PM, Stefan Fritsch wrote:
> >   * mod_ssl's proxy support only allows one proxy client certificate per
> >     frontend virtual host. Lift this restriction.
> >     jim sez: Why a blocker?, pgollucci +1 jim
> >     wrowe asks: what's the API change required?
> I'm not sure I understand this one... does anyone have the history to
> elaborate?

Three things really - in order of priority:

-	Specify a specific client cert per proxy-pass or other <Location and so on.

-	Be able to have a bunch of client certs respond/get picked right (narrowest) when the server
gives a list of acceptable authorities.

-	Be able to lock a specific client cert down to a cert in the chain of the servers issuer;
or to the DN/etc of the server.

Though the latter/last is easily worked around with by having multiple vhosts wrapped around.

View raw message