On 09 Nov 2011, at 1:03 AM, Daniel Ruggeri wrote:

On 11/8/2011 3:10 PM, Stefan Fritsch wrote:
* mod_ssl's proxy support only allows one proxy client certificate per
   frontend virtual host. Lift this restriction.
   jim sez: Why a blocker?, pgollucci +1 jim
   wrowe asks: what's the API change required?

I'm not sure I understand this one... does anyone have the history to
elaborate?

Currently in our environment we have reverse proxies connecting to client-cert-authenticated backends, and one of the things we can't do is this:

<VirtualHost ...>
  <Location /foo>
     ProxyPass https://some.where.back.there/foo
     ...
  </Location>
  <Location /bar>
     ProxyPass https://some.where.different/bar
     ...
  </Location>
</VirtualHost>

where "https://some.where.back.there" and "https://some.where.different" are authenticated by separate sets of client certs and separate CA certs.

We do some nasty PHP to get around this; it isn't ideal. It is nice to have though, and shouldn't block 2.4.

Regards,
Graham
--
