On 02/19/2010 08:59 PM, Jean-Marc Desperrier:
> I just tried configuring a similar configuration, and thought more and
> more whilst doing that it doesn't make sense, that it can't fail in
> the way you described. And it doesn't (with two ports, but it
> definitively would be the same with two IPs).
>
> But I met whilst configuring it a problem that *could* be the cause of
> your problem.
>
> Did you configure the "SSLVerifyClient require" option of the second
> virtual server on the *root* of the second virtual host?

Actually not, only on a particular location. However I wonder how that
should make a difference in case the only connection is made to a
particular URL.

> It must not be inside a sub-directory, or you will get a renegotiation
> error, even if your URL directly points to that directory.

And the logical explanation to that would be? Obviously we'll make some
further tests along your comments, just wonder where the difference is.

> Another point: We'll need to document that renegotiation is the
> default and systematic behavior of IIS, even when client
> authentication is required everywhere. You must change a flag with a
> script to correct that.

Right. And does that omit renegotiation by the server?
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP: start...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
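
Added example, not part of the original message or of any project's code: a small check that reports every "SSLVerifyClient" directive placed inside a per-directory section (such as <Location>) instead of at the root of the virtual host, the two placements compared in the thread. mod_ssl documents that in per-directory context the directive is applied by renegotiating after the request has been read. The host names, ports, paths and the function name are constructed for illustration.

```python
import re

# Constructed sample config: hypothetical hosts, ports and paths.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName public.example.test
    SSLEngine on
    <Location /secure>
        SSLVerifyClient require
        SSLVerifyDepth 2
    </Location>
</VirtualHost>

<VirtualHost *:8443>
    ServerName certs.example.test
    SSLEngine on
    SSLVerifyClient require
    SSLVerifyDepth 2
</VirtualHost>
"""

# Sections whose directives apply per request path, not at handshake time.
PER_DIR = ("location", "locationmatch", "directory", "directorymatch",
           "files", "filesmatch")
OPEN = re.compile(r"<\s*(\w+)\s*([^>]*)>")
CLOSE = re.compile(r"<\s*/\s*(\w+)\s*>")
DIRECTIVE = re.compile(r"SSLVerifyClient\s+(\S+)", re.I)

def find_per_directory_client_auth(conf):
    """Return (line_no, section, level) for each SSLVerifyClient found
    inside a per-directory section rather than at vhost/server level."""
    stack, findings = [], []
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if (m := CLOSE.match(line)):
            if stack and stack[-1][0] == m.group(1).lower():
                stack.pop()
        elif (m := OPEN.match(line)):
            stack.append((m.group(1).lower(), m.group(2).strip()))
        elif (m := DIRECTIVE.match(line)):
            inner = [s for s in stack if s[0] in PER_DIR]
            if inner:  # innermost per-directory section is the one to report
                findings.append((no, " ".join(inner[-1]), m.group(1).lower()))
    return findings

if __name__ == "__main__":
    for no, section, level in find_per_directory_client_auth(SAMPLE_CONF):
        print(f"line {no}: SSLVerifyClient {level} inside <{section}>")
```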