httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yefym Dmukh <Yefym.Dm...@icw-global.com>
Subject RE: [users@httpd] Bug or Feature : global SSLVerifyClient in <VirtualHost> overrides the same in <Location>?
Date Tue, 30 Aug 2005 08:23:16 GMT
>SSLVerifyClient is documented as working in directory context, so it 
should also work in <Location> context. The manual page for mod_ssl does 
>explicitly say that a SSL renegotiation is triggered if a request for the 
location is received.
 

Then this is a bug, because it doesn't work for <Location> 

Simple test scenario is :
1. access document root location - "SSLVerifyClient optional" ,  cance 
certificate choice window.
2. access location <Location "/auth"> with  "SSLVerifyClient require" - no 
triggered SSL negotiation - access without certificate granted.

So the answer to the question : 
Bug or Feature : global SSLVerifyClient in <VirtualHost> overrides the 
same in  <Location>? 
it is a bug : )














Axel-St├ęphane  SMORGRAV <Axel-Stephane.SMORGRAV@europe.adp.com> 
29.08.2005 17:06
Please respond to
users@httpd.apache.org


To
<users@httpd.apache.org>
cc

Subject
RE: [users@httpd] Bug or Feature : global SSLVerifyClient in <VirtualHost> 
overrides the same in  <Location>?






SSLVerifyClient is documented as working in directory context, so it 
should also work in <Location> context. The manual page for mod_ssl does 
explicitly say that a SSL renegotiation is triggered if a request for the 
location is received.
 
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslverifyclient
 
-ascs

________________________________

From: Yefym Dmukh [mailto:Yefym.Dmukh@icw-global.com] 
Sent: Monday, August 29, 2005 3:54 PM
To: users@httpd.apache.org
Subject: [users@httpd] Bug or Feature : global SSLVerifyClient in 
<VirtualHost> overrides the same in <Location>?



Hi guys , 
please point me if it possible to the docu, cannot find anything related 
to the topic. 


here is an example: 



<VirtualHost> 
SSLVerifyClient optional 

Alias /auth   /htdocs/authorisation 
<Location "/auth"> 
SSLVerifyClient require 
SSLOptions +ExportCertData +StdEnvVars 
SSLVerifyDepth 5 
Options None 
</Location> 

</VirtualHost> 


Best Regards , 
Yefym

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



Mime
View raw message