httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Helmut K. C. Tessarek" <tessa...@evermeet.cx>
Subject bug with SSLVerifyClient?
Date Mon, 21 Nov 2016 17:40:46 GMT
Hello,

According to the documentation SSLVerifyClient can be used in a
directory context.
But I noticed that it is completely ignored (it always asks for a
user/password, no matter, if I have the client cert installed or not).

Here are the config directives (ignore the external provider):

<Directory "/dir_here">
    Options Indexes FollowSymLinks

    SSLVerifyClient             optional
    SSLVerifyDepth              2

    AuthType Basic
    AuthName "Restricted Section server"
    AuthBasicProvider           ibmdb2

    AuthIBMDB2User              user
    AuthIBMDB2Password          password
    AuthIBMDB2Database          dbname
    AuthIBMDB2UserProc          mod_authnz.getpassword
    AuthIBMDB2GroupProc         mod_authnz.getgroups

    <RequireAny>
       Include /etc/httpd/extra/file_with_require_expr.conf
       Require user             my_user
    </RequireAny>
</Directory>


Please note that it works perfectly, if I create a virtual host and move
the following out of the directory section and put it in the  virtual
host context:

    SSLVerifyClient             optional
    SSLVerifyDepth              2

So either I am mnissing something, or the documention is wrong, or
there's a bug somewhere.

Can someone please shed some light on this?

Cheers,
  K. C.

-- 
regards Helmut K. C. Tessarek
lookup http://sks.pkqs.net for KeyID 0xC11F128D

/*
   Thou shalt not follow the NULL pointer for chaos and madness
   await thee at its end.
*/

Mime
View raw message