Posted to bugs@httpd.apache.org by bu...@apache.org on 2016/09/28 22:25:17 UTC

[Bug 60186] New: Adding a SSL Verify directive to accept expired client certificate

https://bz.apache.org/bugzilla/show_bug.cgi?id=60186

            Bug ID: 60186
           Summary: Adding a SSL Verify directive to accept expired client
                    certificate
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@httpd.apache.org
          Reporter: bchauvaux@intertrust.com

Created attachment 34311
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=34311&action=edit
Patch file

A new SSL directive SSLVerifyAcceptExpiredClient (on/off) would allow the SSL
engine to accept a client certificate with an expired notAfter date.

The motivation is to allow some clients (old embedded, non-upgradable devices)
to still access a server.

The attached patch, built over httpd trunk 2.5, creates a new directive and
corresponding flags in the server and directory configuration structures. The
expiration error bypass is performed in ssl_callback_SSLVerify
(ssl_engine_kernel.c).

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
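
The report above describes waiving the expiry error inside the verify callback. The following is an added sketch of that decision, not the attached patch and not mod_ssl code: the struct names, the restriction to the leaf certificate (depth 0) and the override counter are assumptions, and the error codes are the values from OpenSSL's `<openssl/x509_vfy.h>`. It shows that only "has expired" is waived while every other verification error stays fatal.

```c
#include <stdio.h>
/* Error codes as defined in OpenSSL's <openssl/x509_vfy.h>, repeated here
 * so the sketch compiles without OpenSSL installed. */
enum { V_OK = 0, V_ERR_CERT_NOT_YET_VALID = 9,
       V_ERR_CERT_HAS_EXPIRED = 10, V_ERR_CERT_REVOKED = 23 };

/* Hypothetical stand-in for the flag an on/off directive would set. */
struct verify_cfg { int accept_expired_client; };

/* What a verify callback is told about one check: result, error, chain depth. */
struct verify_event { int ok; int err; int depth; };

/* Decision for one callback invocation: 1 = continue, 0 = abort handshake.
 * Only "has expired" on the leaf (depth 0) is waived (an assumption of this
 * sketch); *waived counts overrides so the caller can log each one. */
int verify_decision(const struct verify_cfg *cfg, struct verify_event *ev, int *waived)
{
    if (ev->ok) return 1;
    if (cfg->accept_expired_client && ev->depth == 0 &&
        ev->err == V_ERR_CERT_HAS_EXPIRED) {
        ev->err = V_OK;      /* clear the error so later checks see success */
        (*waived)++;
        return 1;
    }
    return 0;                /* every other error stays fatal */
}

/* Replays a constructed sequence of callback invocations; like a real
 * verifier, it stops at the first event the callback rejects. */
int verify_chain(const struct verify_cfg *cfg, struct verify_event *ev, int n, int *waived)
{
    *waived = 0;
    for (int i = 0; i < n; i++)
        if (!verify_decision(cfg, &ev[i], waived))
            return 0;
    return 1;
}

int main(void)
{
    struct verify_cfg on = { 1 };
    /* Constructed sample (event order is illustrative): valid CA at depth 1,
     * then a leaf that is both expired and revoked. */
    struct verify_event chain[] = { {1, V_OK, 1}, {0, V_ERR_CERT_HAS_EXPIRED, 0},
                                    {0, V_ERR_CERT_REVOKED, 0} };
    int waived;
    int ok = verify_chain(&on, chain, 3, &waived);
    printf("accepted=%d waived=%d\n", ok, waived);
    return 0;
}
```

A non-zero override count on an accepted handshake is the event worth logging, since it identifies which clients still depend on the exception.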


[Bug 60186] Adding a SSL Verify directive to accept expired client certificate

Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60186

Steve Mitchell <mi...@intertrust.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mitchell@intertrust.com
