httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yefym Dmukh <Yefym.Dm...@icw-global.com>
Subject Re: [users@httpd] Bug or Feature : global SSLVerifyClient in <VirtualHost> overrides the same in <Location>?
Date Wed, 31 Aug 2005 11:14:47 GMT
>Thanks a lot for reporting this.

You are welcome. 

@See:  http://issues.apache.org/bugzilla/show_bug.cgi?id=12355

Best Regards






Joe Orton <jorton@redhat.com> 
31.08.2005 12:47
Please respond to
users@httpd.apache.org


To
Yefym Dmukh <Yefym.Dmukh@icw-global.com>
cc
users@httpd.apache.org
Subject
Re: [users@httpd] Bug or Feature : global SSLVerifyClient in <VirtualHost> 
overrides the same in  <Location>?






On Tue, Aug 30, 2005 at 10:23:16AM +0200, Yefym Dmukh wrote:
> >SSLVerifyClient is documented as working in directory context, so it 
> should also work in <Location> context. The manual page for mod_ssl does 

> >explicitly say that a SSL renegotiation is triggered if a request for 
the 
> location is received.
> 
> 
> Then this is a bug, because it doesn't work for <Location> 
> 
> Simple test scenario is :
> 1. access document root location - "SSLVerifyClient optional" ,  cance 
> certificate choice window.
> 2. access location <Location "/auth"> with  "SSLVerifyClient require" - 
no 
> triggered SSL negotiation - access without certificate granted.

The patch for this which has been proposed for the next 2.0.x release 
is:

  http://people.apache.org/~jorton/CAN-2005-2700.diff

Thanks a lot for reporting this.

(The issue appears to also affect Ralf Engelschall's mod_ssl for 1.3)

Regards,

joe



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



Mime
View raw message