On 02/20/2010 12:22 AM, Eddy Nigg:
On 02/19/2010 08:59 PM, Jean-Marc Desperrier:
I just tried configuring a similar configuration, and thought more
and more whilst doing that it doesn't make sense, that it can't fail
in the way you described. And it doesn't (with two ports, but it
definitely would be the same with two IPs).
But I met whilst configuring it a problem that *could* be the cause
of your problem.
Did you configure the "SSLVerifyClient require" option of the second
virtual server on the *root* of the second virtual host?
Actually not, only on a particular location. However I wonder how that
should make a difference in case the only connection is made to a
particular URL.
It must not be inside a sub-directory, or you will get a
renegotiation error, even if your URL directly points to that directory.
And the logical explanation to that would be? Obviously we'll make
some further tests along your comments, just wonder where the
difference is.
Apparently it does work - sort of. Still some way to go if this can /
will go into production. But I consider it pure luck so far... Apache
performs a renegotiation when none is needed when configuring client
authentication at a particular location, is there a logical explanation
for that? Or even considered correct implementation?
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP: start...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
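
The two placements of `SSLVerifyClient require` discussed in this thread, side by side, as an added configuration example that is not part of the original messages; host names, ports and file paths are placeholders. The mod_ssl documentation states that in a per-directory context the directive forces a renegotiation after the HTTP request has been read, because the initial handshake completes before the server knows which URL is being requested.

```apache
# Constructed example: names, ports and paths are placeholders.
Listen 443
Listen 8443

# Variant A: client authentication at the root of the virtual host.
# The server asks for the client certificate in the initial handshake,
# so no renegotiation is needed for any URL on this host.
<VirtualHost *:8443>
    ServerName auth.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/server.crt
    SSLCertificateKeyFile /etc/ssl/example/server.key
    SSLCACertificateFile  /etc/ssl/example/client-ca.crt

    SSLVerifyClient require
    SSLVerifyDepth  2
</VirtualHost>

# Variant B: client authentication only on one location.
# The initial handshake runs with "SSLVerifyClient none". Once the
# request line shows the URL is under /secure, mod_ssl renegotiates
# to request the certificate, even if /secure is the only URL the
# client ever asks for.
<VirtualHost *:443>
    ServerName www.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/server.crt
    SSLCertificateKeyFile /etc/ssl/example/server.key
    SSLCACertificateFile  /etc/ssl/example/client-ca.crt

    SSLVerifyClient none
    <Location /secure>
        SSLVerifyClient require
        SSLVerifyDepth  2
    </Location>
</VirtualHost>
```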