Hello Michael, The version in the Debian repositories is quite old, and much of that code has been reworked. Could you please try a newer version from our GIT repo at http://github.com/Jasig/mod_auth_cas/?
Tag "v1.0.9.1" is the most recent stable release "master" should be stable and has some newer features and fixes Branch "attz" is the latest greatest, and will be merged into "master" soon Please at least try 1.0.9.1, and let us know your results. Thank you, -Matt On Sat, May 19, 2012 at 7:19 AM, Michael Hierweck <t...@edv-serviceteam.net>wrote: > Hi, > > I'm trying to implement CAS based authentication against > https://login.hostsharing.net. > > Eventhough there don't seem to be any issues among the certificate, > > openssl s_client -CApath /etc/ssl/certs/ > -connect login.hostsharing.net:443 > > [...]Verify return code: 0 (ok)[...] > > > mod_auth_cas comslains: > > MOD_AUTH_CAS: > Certificate CN does not match login.hostsharing.net > > My configuration looks like: > > CASVersion 2 > CASDebug On > CASValidateServer On > CASValidateDepth 9 > CASAllowWildcardCert On > CASCertificatePath /etc/ssl/certs/ > CASLoginURL https://login.hostsharing.net/cas/login > CASValidateURL https://login.hostsharing.net/cas/serviceValidate > CASCookieEntropy 32 > CASCookiePath /var/cache/apache2/mod_auth_cas/ > CASTimeout 600 > CASIdleTimeout 300 > CASCacheCleanInterval 900 > > AuthType CAS > Require valid-user > > I tried several modifications without any improvement. > > What's wrong with my setup? (Debian Package Version 1.0.8-3) > > Note: > > I tried to debug mod_auth_cas and figured out that the invocation of > X509_verify_cert(xctx) returns an result which lets check_cert_cn return > FALSE immediately. > > Thanks in advance > > Michael > > -- > You are currently subscribed to cas-user@lists.jasig.org as: > m...@forsetti.com > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- m...@forsetti.com Key ID:7208B5B4 -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
