You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Daniel Ruggeri <DR...@primary.net> on 2011/10/29 01:44:57 UTC

Trolling for votes

Hi, folks;
   I wanted draw attention to the 2.2 STATUS file where the
SSLProxyMachineCertificateChainFile directive awaits any additional
votes. I know there was a lot of discussion between Kaspar and myself
getting things in place, but I hope that didn't turn folks off to the patch.

   For quick reference, the patch makes it so a target server can trust
a root CA (for client auth) and allows httpd to choose the right
certificate if the client cert is not directly issued by a trusted CA
(2+ chain length). Depending on interpretation of RFC5246, adding this
patch would bring httpd into compliance. More back and forth at
https://issues.apache.org/bugzilla/show_bug.cgi?id=50812.

P.S.
   Have fun at ACNA2011 - wish I could be there!

-- 
Daniel Ruggeri