You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2010/10/14 14:59:43 UTC
DO NOT REPLY [Bug 50094] New: Report information about certificate
when validation fails
https://issues.apache.org/bugzilla/show_bug.cgi?id=50094
Summary: Report information about certificate when validation
fails
Product: Apache httpd-2
Version: 2.2.16
Platform: PC
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: mod_ssl
AssignedTo: bugs@httpd.apache.org
ReportedBy: lat@cern.ch
The attached patch implements better error reporting when client certificate
verification fails. It hasn't seen much real-life use yet, but we're testing it
on 2.2.16 based server. As far as I can tell it provides desired better error
reporting. It seems code in 2.3.8 is still the same in this area.
Currently if client certificate verification fails, there's relatively little
in server logs to allow diagnosis of what went wrong - there's no information
about the certificate or the issuer. This patch reports subject and issuer
names as well as certificate validity period.
We hope this helps us better determine why errors happen, and to harvest useful
warnings for operators from the logs.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50094] Report information about certificate when
validation fails
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50094
--- Comment #1 from Lassi Tuura <la...@cern.ch> 2010-10-14 09:00:33 EDT ---
Created an attachment (id=26176)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=26176)
ssl_callback_SSLVerify patch to report more info on failure
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50094] Report information about certificate when
validation fails
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50094
Stefan Fritsch <sf...@sfritsch.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #3 from Stefan Fritsch <sf...@sfritsch.de> 2012-02-26 17:08:54 UTC ---
fixed in 2.4.1
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50094] Report information about certificate when
validation fails
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50094
Stefan Fritsch <sf...@sfritsch.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |FixedInTrunk
--- Comment #2 from Stefan Fritsch <sf...@sfritsch.de> 2010-10-16 05:54:07 EDT ---
Thanks for the patch. Commited to trunk with some tweaks as r1023225
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org