httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: svn commit: r1374214 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_engine_init.c
Date Tue, 21 Aug 2012 09:31:24 GMT
On Sat, Aug 18, 2012 at 09:00:00AM +0200, Kaspar Brand wrote:
> On 17.8.12 13:59, jorton@apache.org wrote:
> > @@ -1412,6 +1421,8 @@ static void ssl_init_proxy_certs(server_
> >          ssl_die(s);
> >      }
> >  
> > +    /* ### Why is all the following done?  Why is it necessary or
> > +     * useful for the server to try to verify its own client cert? */
> 
> It's the somewhat surprising way to let OpenSSL build the chain of the
> client cert, cf.
> 
> http://mail-archives.apache.org/mod_mbox/httpd-dev/201109.mbox/%3C4E620C5E.3050802@opensslfoundation.com%3E
> http://mail-archives.apache.org/mod_mbox/httpd-dev/201109.mbox/%3C4E61C3CE.4020500@velox.ch%3E
> http://mail-archives.apache.org/mod_mbox/httpd-dev/201109.mbox/%3C4E625521.3000905@opensslfoundation.com%3E

Ah, I see.  Thanks Kaspar.  I've updated the comment.

Regards, Joe

Mime
View raw message