You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Ricky Burgin <ri...@burg.in> on 2009/12/06 18:19:13 UTC
SSLVerifyClient in
Hello all,
I've heard about the recent vulnerability regarding SSL renegotiations
and from what I can tell, it seems to have broken the usage of
SSLVerifyClient inside a httpd <Directory> directive.
I'm trying to get Apache to verify client certificates, but only for a
specific directory on my website, yet it only seems to kick in and work
if I do it inside the <VirtualHost> directive, but not inside a
<Directory> directive.
I'm going by the examples presented on
http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html#arbitraryclients yet
they seem to suffer from the exact same issue.
Any help would be appreciated.
Best regards,
Ricky Burgin
Re: SSLVerifyClient in
Posted by Ruediger Pluem <rp...@apache.org>.
On 12/06/2009 06:19 PM, Ricky Burgin wrote:
> Hello all,
>
> I've heard about the recent vulnerability regarding SSL renegotiations
> and from what I can tell, it seems to have broken the usage of
> SSLVerifyClient inside a httpd <Directory> directive.
>
> I'm trying to get Apache to verify client certificates, but only for a
> specific directory on my website, yet it only seems to kick in and work
> if I do it inside the <VirtualHost> directive, but not inside a
> <Directory> directive.
>
> I'm going by the examples presented on
> http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html#arbitraryclients yet
> they seem to suffer from the exact same issue.
>
> Any help would be appreciated.
I cannot confirm this. Please post to the users list and provide the configuration
and the issues you faced.
Regards
RĂ¼diger