Posted to bugs@httpd.apache.org by bu...@apache.org on 2004/09/20 17:49:23 UTC
DO NOT REPLY [Bug 31314] New: -
SSLVerifyClient does not request client certificate from browser
http://issues.apache.org/bugzilla/show_bug.cgi?id=31314
Summary: SSLVerifyClient does not request client certificate from
browser
Product: Apache httpd-2.0
Version: 2.0.51
Platform: PC
OS/Version: Linux
Status: NEW
Severity: Major
Priority: Other
Component: mod_ssl
AssignedTo: bugs@httpd.apache.org
ReportedBy: dtoler@webfargo.com
SSLVerifyClient does not request the client certificate from browser. I tested
2.0.48, 2.0.50 and 2.0.51 to no avail. The config works properly in v1.3.x.
My config:
Alias /secure/ "/var/www/secure/"
<Directory "/var/www/secure">
Options None
AllowOverride AuthConfig
SSLRequireSSL
SSLVerifyClient optional
SSLVerifyDepth 2
SSLOptions +FakeBasicAuth +StdEnvVars +CompatEnvVars \
+StrictRequire +OptRenegotiate
Order deny,allow
Deny from all
Allow from 10.0.1.0/24
AuthType Basic
AuthUserFile /etc/htpasswd.secure
AuthName "Secure Access"
require valid-user
Satisfy Any
</Directory>
The premise is to request client certificates if the browser has one. If not,
then request HTTP 401 Authorization. In /etc/htpasswd.secure, I have the
complete DN of my certificate and the hash of the word 'password' as per the
mod_ssl documentation (to satisfy mod_auth when using FakeBasicAuth).