httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vincent Régnard <vregn...@tbs-internet.com>
Subject [users@httpd] SSLRequire and directory recursion
Date Fri, 24 Oct 2008 15:24:10 GMT
Hi all,

I've performed client authentication for a while as followed:

Top level virtual host root:

/companysecure
	(SSLRequire a certificate with company valid DN)

Subdirectories:

/companysecure/sub1
/companysecure/sub2
	(SSLRequire a certificate with more restrictive requirements on the 
sertificate (OU, Email, crls etc..))

And now I want to configure an additional acces to

/companysecure/externalothers

for people not belonging to our company (and not having a certificate 
from our company), but I want to check their certificate to give them or 
refuse access to this directory as I did before outside the 
/companysecure/ tree.

The probleme is they dont show a valid company certificate (as required 
by SSLRequire on /companysecure top level directory), and acces is 
imediately refused as the first SSLRequire does not match at top level.

I would like to override the top level requirement in the subdirectory 
/companysecure/externalothers and keep the global protection at the top 
level /companysecure .

I cannot find the way to override the global SSLRequire authentication 
in a subdirectory.

Is it possible to achieve this goal with apache 2.0.X ? Is there a way 
to circumvent or trick the problem ?

-- 
Vincent Régnard
TBS-internet.com


Mime
View raw message