Return-Path: 
 <users-return-112048-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
X-Original-To: apmail-httpd-users-archive@www.apache.org
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 26E751794D
	for <apmail-httpd-users-archive@www.apache.org>;
 Sun, 23 Aug 2015 06:51:38 +0000 (UTC)
Received: (qmail 55796 invoked by uid 500); 23 Aug 2015 06:51:35 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 55758 invoked by uid 500); 23 Aug 2015 06:51:35 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 55748 invoked by uid 99); 23 Aug 2015 06:51:35 -0000
Received: from Unknown (HELO spamd1-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 23 Aug 2015 06:51:35 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org)
 with ESMTP id C3163DEAB2
	for <users@httpd.apache.org>; Sun, 23 Aug 2015 06:51:34 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 2.786
X-Spam-Level: **
X-Spam-Status: No, score=2.786 tagged_above=-999 required=6.31
	tests=[HTML_IMAGE_ONLY_32=0.001, HTML_MESSAGE=3,
	KAM_LAZY_DOMAIN_SECURITY=1, MIME_QP_LONG_LINE=0.001,
	RP_MATCHES_RCVD=-1.227, T_REMOTE_IMAGE=0.01, URIBL_BLOCKED=0.001]
	autolearn=disabled
Received: from mx1-us-west.apache.org ([10.40.0.8])
	by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new,
 port 10024)
	with ESMTP id N_a4ceZ12TiY for <users@httpd.apache.org>;
	Sun, 23 Aug 2015 06:51:27 +0000 (UTC)
Received: from caido.ro (caido.ro [86.107.248.7])
	by mx1-us-west.apache.org (ASF Mail Server at mx1-us-west.apache.org) with
 ESMTP id A4BBF20646
	for <users@httpd.apache.org>; Sun, 23 Aug 2015 06:51:26 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by caido.ro (Postfix) with ESMTP id AAE5E140C06
	for <users@httpd.apache.org>; Sun, 23 Aug 2015 10:09:52 +0300 (EEST)
Received: from caido.ro ([127.0.0.1])
	by localhost (caido.ro [127.0.0.1]) (amavisd-new, port 10032)
	with ESMTP id hSS1fwuQ-jzL for <users@httpd.apache.org>;
	Sun, 23 Aug 2015 10:09:51 +0300 (EEST)
Received: from localhost (localhost [127.0.0.1])
	by caido.ro (Postfix) with ESMTP id A5239140C07
	for <users@httpd.apache.org>; Sun, 23 Aug 2015 10:09:51 +0300 (EEST)
X-Amavis-Modified: Mail body modified (using disclaimer) - caido.ro
X-Virus-Scanned: amavisd-new at caido.ro
Received: from caido.ro ([127.0.0.1])
	by localhost (caido.ro [127.0.0.1]) (amavisd-new, port 10026)
	with ESMTP id qouWS-5vehUJ for <users@httpd.apache.org>;
	Sun, 23 Aug 2015 10:09:51 +0300 (EEST)
Received: from [127.0.0.1] (unknown [89.43.152.14])
	by caido.ro (Postfix) with ESMTPSA id 4F4F2140C06
	for <users@httpd.apache.org>; Sun, 23 Aug 2015 10:09:51 +0300 (EEST)
From: "Sterpu Victor" <victor@caido.ro>
To: users@httpd.apache.org
Date: Sun, 23 Aug 2015 06:51:10 +0000
Message-Id: <em06b72b55-2d5f-4147-ac9e-082b5f7c40a7@victor-pc>
Reply-To: "Sterpu Victor" <victor@caido.ro>
User-Agent: eM_Client/6.0.21372.0
Mime-Version: 1.0
Content-Type: multipart/alternative;
 boundary="------=_MB52D21C19-8A60-45AC-BB39-736050B2634C"
X-Antivirus: avast! (VPS 150822-0, 08/23/2015), Outbound message
X-Antivirus-Status: Clean
Subject: [users@httpd] SSL - How client certificates are verified?

--------=_MB52D21C19-8A60-45AC-BB39-736050B2634C
Content-Type: text/plain; format=flowed; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hello

I have a web page that asks for client certificate.
These are the options for this:

SSLVerifyClient require
SSLVerifyDepth 10

How does SSLVerifyClient  verifies the client certificate?
This option protects against certificates manual made with a fake 
public-private key pair?
So can someoane make a certificate identical with the original, attach 
another set of public and private keys and pretend to be someoane else?

Thank you

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus


--------=_MB52D21C19-8A60-45AC-BB39-736050B2634C
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<HTML><HEAD>
<STYLE id=3DeMClientCss>BLOCKQUOTE.cite {
	PADDING-LEFT: 10px; MARGIN-LEFT: 5px; BORDER-LEFT: #cccccc 1px solid; PADD=
ING-RIGHT: 0px; MARGIN-RIGHT: 0px
}
BLOCKQUOTE.cite2 {
	PADDING-TOP: 0px; PADDING-LEFT: 10px; MARGIN-LEFT: 5px; BORDER-LEFT: #cccc=
cc 1px solid; MARGIN-TOP: 3px; PADDING-RIGHT: 0px; MARGIN-RIGHT: 0px
}
=2Eplain PRE {
	FONT-SIZE: 100%; FONT-FAMILY: monospace; FONT-WEIGHT: normal; FONT-STYLE: =
normal
}
=2Eplain TT {
	FONT-SIZE: 100%; FONT-FAMILY: monospace; FONT-WEIGHT: normal; FONT-STYLE: =
normal
}
A IMG {
	BORDER-TOP: 0px; BORDER-RIGHT: 0px; BORDER-BOTTOM: 0px; BORDER-LEFT: 0px
}
#x19281657d1d74368b2d0f3fdfc2113d3 {
	FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
=2Eplain PRE {
	FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
=2Eplain TT {
	FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
BODY {
	FONT-SIZE: 12pt; FONT-FAMILY: Tahoma
}
</STYLE>
</HEAD>
<BODY>
<DIV>Hello</DIV>
<DIV>&nbsp;</DIV>
<DIV>I have a web page that asks for client certificate.</DIV>
<DIV>These are the options for this:</DIV>
<DIV>&nbsp;</DIV>
<DIV>SSLVerifyClient require<BR>SSLVerifyDepth 10<BR><BR>How&nbsp;does <SPA=
N id=3Dx19281657d1d74368b2d0f3fdfc2113d3>SSLVerifyClient</SPAN>&nbsp; verif=
ies the client certificate?</DIV>
<DIV>This option protects against certificates manual made with a fake publ=
ic-private key&nbsp;pair?</DIV>
<DIV>So can someoane make a&nbsp;certificate identical with the original, a=
ttach another set of public and private keys and pretend to be someoane els=
e?</DIV>
<DIV>&nbsp;</DIV>
<DIV>Thank you</DIV>
<br /><br />
<hr style=3D'border:none; color:#909090; background-color:#B0B0B0; height: =
1px; width: 99%;' />
<table style=3D'border-collapse:collapse;border:none;'>
	<tr>
		<td style=3D'border:none;padding:0px 15px 0px 8px'>
			<a href=3D"https://www.avast.com/antivirus">
				<img border=3D0 src=3D"http://static.avast.com/emails/avast-mail-stamp.=
png" alt=3D"Avast logo" />
			</a>
		</td>
		<td>
			<p style=3D'color:#3d4d5a; font-family:"Calibri","Verdana","Arial","Helv=
etica"; font-size:12pt;'>
				This email has been checked for viruses by Avast antivirus software.
				<br><a href=3D"https://www.avast.com/antivirus">www.avast.com</a>
			</p>
		</td>
	</tr>
</table>
<br />

<br>=
<html><body><p><font FACE=3DARIAL size=3D1 color=3DDARKGREEN><I><B>DISCLAIMER</B>: <BR>Acest mesaj de posta electronica si documentele aferente sunt confidentiale. Este interzisa distribuirea, dezvaluirea sau orice alt mod de utilizare a lor. Daca nu sunteti destinatarul acestui mesaj, este interzis sa actionati in baza acestor informatii. Citirea, copierea, distribuirea, dezvaluirea sau utilizarea in alt mod a informatiei continute in acest mesaj constituie o incalcare a legii. Daca ati primit mesajul din greseala, va rugam sa il distrugeti, anuntand expeditorul de eroarea comisa. Intrucat nu poate fi garantat faptul ca posta electronica este un mod sigur si lipsit de erori de transmitere a informatiilor, este responsabilitatea dvs. sa va asigurati ca mesajul (inclusiv documentele alaturate lui) este validat si autorizat spre a fi utilizat in mediul dvs.</I></font></p></body></html>
<br>=
</BODY></HTML>
--------=_MB52D21C19-8A60-45AC-BB39-736050B2634C--