httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: Small things to do
Date Tue, 08 Nov 2011 23:37:46 GMT
On 09 Nov 2011, at 1:03 AM, Daniel Ruggeri wrote:

> On 11/8/2011 3:10 PM, Stefan Fritsch wrote:
>>  * mod_ssl's proxy support only allows one proxy client certificate  
>> per
>>    frontend virtual host. Lift this restriction.
>>    jim sez: Why a blocker?, pgollucci +1 jim
>>    wrowe asks: what's the API change required?
>
> I'm not sure I understand this one... does anyone have the history to
> elaborate?

Currently in our environment we have reverse proxies connecting to  
client-cert-authenticated backends, and one of the things we can't do  
is this:

<VirtualHost ...>
   <Location /foo>
      ProxyPass https://some.where.back.there/foo
      ...
   </Location>
   <Location /bar>
      ProxyPass https://some.where.different/bar
      ...
   </Location>
</VirtualHost>

where "https://some.where.back.there" and "https:// 
some.where.different" are authenticated by separate sets of client  
certs and separate CA certs.

We do some nasty php to get around this, it isn't ideal. It is nice to  
have though, and shouldn't block 2.4.

Regards,
Graham
--


Mime
View raw message