On Fri, Sep 16, 2005 at 09:56:25AM +0100, David Reid wrote: > > Can we just back out the mod_setenvif stuff from the trunk or is someone > > going to make it work BTW? > > I didn't add the code, but unless it works then I'm +1 on it's removal. > That said, Dirk claims it works for him, so I'd be inclined to leave it > in trunk for now, but not in any releases. > > Martin: does it work for you?
I am currently trying to make it work... But ATM as soon as I require a client cert, I get a deadlock (both the SSL client and server try to read during the handshake). Hang out a little longer, please... To recap the problem, Joe said: > there > seems to be a rather annoying fundamental problem: the match_headers > hooks runs too early to be useful for this when doing per-dir client > cert negotiation. I haven't traced it: why is match_headers too early? In theory, the SSL negotiation has been done with before the request and headers can be read. Of course, it would be too late for switching on SSLVerifyClient in a per-dir-context unless it has already been on globally. But that has nothing to do with mod_setenvif, only with the way SSL requests work. Martin -- <[EMAIL PROTECTED]> | Fujitsu Siemens Fon: +49-89-636-46021, FAX: +49-89-636-48332 | 81730 Munich, Germany
