httpd-users mailing list archives

From: Clemens Wyss DEV <clemens...@mysign.ch>
Subject: [users@httpd] "conditional" client certificate verification
Date: Thu, 02 Oct 2014 08:46:45 GMT

We are about to introduce client certificates for (optional) authentication.

...

SSLOptions +StdEnvVars +ExportCertData

SSLCACertificateFile conf/ssl.crt/ca.crt
SSLVerifyClient optional
SSLVerifyDepth 4
...



Unfortunately, Safari@mac has "problems" (apparently a bug) connecting to Apache: http://serverfault.com/questions/259610/could-not-establish-a-secure-connection-to-server-with-safari



Is there an alternative to the SSLInsecureRenegotiation flag?



What I'd like to do is something like

<If "%{HTTP_USER_AGENT} !~ /Safari/">
  SSLCACertificateFile conf/ssl.crt/ca.crt
  SSLVerifyClient optional
  SSLVerifyDepth 10
</If>



How "insecure" is the SSLInsecureRenegotiation flag?



Any help/advice appreciated

- Clemens

