httpd-test-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: svn commit: r148889 - /httpd/test/trunk/perl-framework/t/conf/ssl/ssl.conf.in /httpd/test/trunk/perl-framework/t/ssl/fakeauth.t
Date Fri, 28 Jan 2005 17:22:28 GMT
On Fri, Jan 28, 2005 at 06:03:14PM +0100, Dominique Quatravaux wrote:
> Geoffrey Young wrote:
> 
> |
> | so, are you saying that can remove SSLVerifyClient here and all is
> | ok?
> 
> No no, you're right and Joe was wrong, you must not change a thing.
> Sorry for being unclear!

I think you're confused about the difference between SSLVerifyClient
"optional" and "require": both insist on a new handshake, both send the
client a CertificateRequest message, but the former will fail the SSL
handshake if no cert is presented; the latter will not.  So doing an
SSLRequire check for %{SSL_VERIFY_CLIENT} after using "SSLVerifyClient
require" is redundant.  Geoff, removing the SSLRequire line is right, it
doesn't really matter though...

joe

Mime
View raw message