Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 5200 invoked from network); 31 Aug 2005 10:47:46 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 31 Aug 2005 10:47:46 -0000 Received: (qmail 48382 invoked by uid 500); 31 Aug 2005 10:47:35 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 48368 invoked by uid 500); 31 Aug 2005 10:47:35 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 48350 invoked by uid 99); 31 Aug 2005 10:47:35 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 31 Aug 2005 03:47:35 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: domain of jorton@redhat.com designates 66.187.233.31 as permitted sender) Received: from [66.187.233.31] (HELO mx1.redhat.com) (66.187.233.31) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 31 Aug 2005 03:47:49 -0700 Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254]) by mx1.redhat.com (8.12.11/8.12.11) with ESMTP id j7VAlWts015665; Wed, 31 Aug 2005 06:47:32 -0400 Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90]) by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id j7VAlQV27609; Wed, 31 Aug 2005 06:47:26 -0400 Received: (from jorton@localhost) by radish.cambridge.redhat.com (8.13.4/8.13.4/Submit) id j7VAlP8u017155; Wed, 31 Aug 2005 11:47:25 +0100 Date: Wed, 31 Aug 2005 11:47:25 +0100 From: Joe Orton To: Yefym Dmukh Cc: users@httpd.apache.org Message-ID: <20050831104725.GA17074@redhat.com> Mail-Followup-To: Yefym Dmukh , users@httpd.apache.org References: <8C29B2F93BAE9047A906EF6D6F9C5D436D9D5D@exchange2k301.gaia.fr> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.1i X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] Bug or Feature : global SSLVerifyClient in overrides the same in ? X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N On Tue, Aug 30, 2005 at 10:23:16AM +0200, Yefym Dmukh wrote: > >SSLVerifyClient is documented as working in directory context, so it > should also work in context. The manual page for mod_ssl does > >explicitly say that a SSL renegotiation is triggered if a request for the > location is received. > > > Then this is a bug, because it doesn't work for > > Simple test scenario is : > 1. access document root location - "SSLVerifyClient optional" , cance > certificate choice window. > 2. access location with "SSLVerifyClient require" - no > triggered SSL negotiation - access without certificate granted. The patch for this which has been proposed for the next 2.0.x release is: http://people.apache.org/~jorton/CAN-2005-2700.diff Thanks a lot for reporting this. (The issue appears to also affect Ralf Engelschall's mod_ssl for 1.3) Regards, joe --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org