[Bug 60186] New: Adding a SSL Verify directive to accept expired client certificate

bugzilla Wed, 28 Sep 2016 15:25:35 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=60186


            Bug ID: 60186
           Summary: Adding a SSL Verify directive to accept expired client
                    certificate
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: mod_ssl
          Assignee: [email protected]
          Reporter: [email protected]

Created attachment 34311
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=34311&action=edit
Patch file

A new SSL directive SSLVerifyAcceptExpiredClient (on/off) would allow the SSL
engine to accept a client certificate with an expired notAfter date.

The motivation is to allow some client (old embedded, non upgradable device) to
still access a server.

The attached patch build over httpd trunk 2.5 creates a new directive and
corresponding flags in the server and directory configuration structures. The
expiration error bypass is performed in ssl_callback_SSLVerify
(ssl_engine_kernel.c)

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 60186] New: Adding a SSL Verify directive to accept expired client certificate

Reply via email to