httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Plot Lost <plot.l...@gmail.com>
Subject [users@httpd] SSL client certificates
Date Wed, 17 Nov 2010 04:12:03 GMT
I'm using client certificates to control access to specific sections of a
site.

The relevant parts of the config include:

SSLVerifyClient none
SSLCACertificateFile "/home/apache/certs/client_ca.crt"
in the main part of the ssl config, and then

SSLVerifyClient require
SSLVerifyDepth 1

in the location section that covers that part of the site that certificates
are needed for


This appears to be working, but I am getting an unwanted entries in the
error log.

For example, when connecting from Chrome I get:

[Wed Nov 17 03:54:17 2010] [error] [client x.x.x.x] Re-negotiation handshake
failed: Not accepted by client!?

When connecting from IE I get:

[Wed Nov 17 03:51:57 2010] [error] [client x.x.x.x] Re-negotiation handshake
failed: Not accepted by client!?
[Wed Nov 17 03:52:05 2010] [error] [client x.x.x.x] insecure SSL
re-negotiation required, but a pipelined request is present; keepalive
disabled

Is there anything I can do to stop these happening? The connections do seem
to be working in that when you go to the relevant URL the browers to prompt
for a certificate selection, and once that is done they are able to browser
the site.

If there is nothing that can stop these errors, is there something that can
be done to stop them from being logged - would rather not have the error log
filling up with something that does actaully seem to be working.

This is using Apache 2.2.15 and OpenSSL 0.9.8l

Mime
View raw message