You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2019/02/11 21:11:28 UTC
[Bug 61929] Configure mod_ssl for send empty distinguished names
list
https://bz.apache.org/bugzilla/show_bug.cgi?id=61929
--- Comment #1 from Emerson Gomes <em...@gmail.com> ---
With this same need, we managed to achieve having a empty CA list by commenting
out line 873 in modules/ssl/ssl_engine_init.c
/* SSL_CTX_set_client_CA_list(ctx, ca_list); */
Quite a bit of a hack.
In HAProxy this is done by parameter "no-ca-names":
https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#5.1-no-ca-names
It also achieves that by wrapping the same statement above in an "if".
I believe this should also be added as a parameter in httpd.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org