Posted to users@httpd.apache.org by Clemens Wyss DEV <cl...@mysign.ch> on 2014/10/02 10:46:45 UTC
[users@httpd] "conditional" client certificate verification
We are about to introduce client certificates for (optional) authentication.
...
SSLOptions +StdEnvVars +ExportCertData
SSLCACertificateFile conf/ssl.crt/ca.crt
SSLVerifyClient optional
SSLVerifyDepth 4
...
Unfortunately Safari@mac has "problems" (apparently a bug) connecting to Apache: http://serverfault.com/questions/259610/could-not-establish-a-secure-connection-to-server-with-safari
Is there an alternative to the SSLInsecureRenegotiation flag?
What I'd like to do is something like
<If "%{HTTP_USER_AGENT} !~ /Safari/">
SSLCACertificateFile conf/ssl.crt/ca.crt
SSLVerifyClient optional
SSLVerifyDepth 10
</If>
How "insecure" is the SSLInsecureRenegotiation flag?
Any help/advice appreciated
- Clemens