Hi, folks; I wanted draw attention to the 2.2 STATUS file where the SSLProxyMachineCertificateChainFile directive awaits any additional votes. I know there was a lot of discussion between Kaspar and myself getting things in place, but I hope that didn't turn folks off to the patch.
For quick reference, the patch makes it so a target server can trust a root CA (for client auth) and allows httpd to choose the right certificate if the client cert is not directly issued by a trusted CA (2+ chain length). Depending on interpretation of RFC5246, adding this patch would bring httpd into compliance. More back and forth at https://issues.apache.org/bugzilla/show_bug.cgi?id=50812. P.S. Have fun at ACNA2011 - wish I could be there! -- Daniel Ruggeri
