Return-Path: 
 <users-return-33704-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 25523 invoked from network); 21 Oct 2003 14:28:20 -0000
Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12)
  by minotaur-2.apache.org with SMTP; 21 Oct 2003 14:28:20 -0000
Received: (qmail 68419 invoked by uid 500); 21 Oct 2003 14:27:53 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 68384 invoked by uid 500); 21 Oct 2003 14:27:53 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
list-post: <mailto:users@httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 68328 invoked from network); 21 Oct 2003 14:27:52 -0000
Received: from unknown (HELO corpexch01.internal.hubspan.com) (64.122.5.126)
  by daedalus.apache.org with SMTP; 21 Oct 2003 14:27:52 -0000
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.0.6375.0
Date: Tue, 21 Oct 2003 07:27:54 -0700
Message-ID: 
 <C499DCDFEDBEBC4BB3B503FF44B41C672C9E2E@corpexch01.internal.hubspan.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: [users@httpd] Client Certificate Setup problem with same
 VirtualHost but different URI resource name
Thread-Index: AcOX23NYYzJ/MgU8QrK3I7fRAcAbHAAA41tw
From: "Ian Huynh" <ianh@hubspan.com>
To: <users@httpd.apache.org>
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
Subject: RE: [users@httpd] Client Certificate Setup problem with same
 VirtualHost but different URI resource name
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

Interesting. You are right. I am not sure if the docs is in error or =
it's something in the code.
I am not getting any error when apache starts. Is there a configtest =
utility in 2.x?



> -----Original Message-----
> From: Leif W [mailto:warp-9.9@usa.net]
> Sent: Tuesday, October 21, 2003 6:59 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Client Certificate Setup problem with same
> VirtualHost but different URI resource name
>=20
>=20
> Regarding this portion:
>=20
>    <Location /abc>
> SSLVerifyClient none
>    </Location>
>=20
>    <Location /def>
> SSLVerifyClient require
>    </Location>
>=20
> The docs state the context to be Directory, not Location. =20
> I'm surprised a
> configtest didn't complain?  Or are the docs in error?  Beyond this, I
> really don't know.  ;-)
>=20
> Leif
>=20
> ----- Original Message -----=20
> From: "Ian Huynh" <ianh@hubspan.com>
> To: <users@httpd.apache.org>
> Sent: Tuesday, October 21, 2003 9:48 AM
> Subject: RE: [users@httpd] Client Certificate Setup problem with same
> VirtualHost but different URI resource name
>=20
>=20
> I've tried various config. some seem to work but always with a little
> caveat.
>=20
> - Things always seem to work on a GET
>=20
> - Sometimes you get a 503 on a POST, if the SSLVerifyClient=20
> switches from a
> no-cert/optional cert to require cert (the
>   error in the log has to do with mod_ssl complaining about trying to
> renegotiate client auth on a POST)
>=20
> - Most browsers will behave funny (getting a popup dialog=20
> even though there
> are no certs present on the client
>   ) when using SSLVerifyClient optional.  IE has option to=20
> turn it off but
> that's not the default IE behavior.
>=20
>=20
> sample config:
>=20
> <VirtualHost _default_:443>
>    SSLVerifyClient optional
>    SSLVerifyDepth  3
>=20
> {.. other config info deleted for clarity
> ..}
>=20
>    <Location /abc>
> SSLVerifyClient none
>    </Location>
>=20
>    <Location /def>
> SSLVerifyClient require
>    </Location>
>=20
>=20
> </VirtualHost>
>=20
> > -----Original Message-----
> > From: Leif W [mailto:warp-9.9@usa.net]
> > Sent: Tuesday, October 21, 2003 6:22 AM
> > To: users@httpd.apache.org
> > Subject: Re: [users@httpd] Client Certificate Setup problem=20
> with same
> > VirtualHost but different URI resource name
> >
> >
> > Hi,
> >
> > First I don't really know the answer but since there was no
> > reply I figured
> > I'd give it a shot.  I just spent a few seconds skimming
> > http://httpd.apache.org/docs-2.0/ and found two directives
> > which may apply.
> > What I did was go right to the mod_ssl stuff, and look only
> > for directives
> > which had a directory context.
> >
> > SSLVerifyClient (
> > http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslverifyclient )
> > SSLVerifyDepth (
> > http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslverifydepth )
> >
> > Hope that helps,
> >
> > Leif
> >
> > ----- Original Message -----=20
> > From: "Ian Huynh" <ianh@hubspan.com>
> > To: <users@httpd.apache.org>
> > Sent: Friday, October 17, 2003 12:42 PM
> > Subject: [users@httpd] Client Certificate Setup problem with same
> > VirtualHost but different URI resource name
> >
> >
> > Apache 2.0.47 on win2k
> >
> > How do i setup this scenario
> >
> > Background: Apache WEB Server with 1 NIC card & 1 IP address
> > bound to it.
> > I have 2 URLs (see below) and one requires a client cert the
> > other does not.
> > Both URLs are in the same Virtual Host called 'myserver.com' but has
> > different
> > URI resource name.  'abc' does not require client cert but=20
> 'def' does.
> >
> >
> > 1.   https://myserver.com/abc/   - this does not require cert
> >
> > 2.   https://myserver.com/def/   - this MUST have client cert
> >
> >
> >
> > Thanks
> >
> >=20
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP
> > Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
> >
> >=20
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP
> > Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>=20
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP=20
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>=20
>=20
>=20
>=20
>=20
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP=20
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>=20
>=20

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org