httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christoph Anton Mitterer <cales...@scientia.net>
Subject [users@httpd] selectively disclaim on SSL client-auth for some directories
Date Thu, 29 Dec 2011 14:23:20 GMT
Hi.

I wondered whether the following is somehow possible (I guess it's not).

I have a SSL vhost,... and I'd like to require SSL client cert
authentication _per default_ ... but selectively being able to not
demand it for some directories/files/locations.

Having something like:
<VirtualHost ..>

SSLVerifyClient require
...

<Directory /vhost/forThePublic>
SSLVerifyClient none
...
</Directory>

</VirtualHost>


seems to work not (as I'd like to have it), as the vhost wide setting is
used for the initial SSL handshake.

So even if a client just asks for something in /vhost/forThePublic he'd
first have to present a valid client cert.


Any other ways?


Thanks,
Chris.

Mime
View raw message