On 8 Nov 2011, at 23:03, Daniel Ruggeri wrote: > On 11/8/2011 3:10 PM, Stefan Fritsch wrote: > > * mod_ssl's proxy support only allows one proxy client certificate per > > frontend virtual host. Lift this restriction. > > jim sez: Why a blocker?, pgollucci +1 jim > > wrowe asks: what's the API change required? > > I'm not sure I understand this one... does anyone have the history to > elaborate? >
Three things really - in order of priority: - Specify a specific client cert per proxy-pass or other <Location and so on. - Be able to have a bunch of client certs respond/get picked right (narrowest) when the server gives a list of acceptable authorities. - Be able to lock a specific client cert down to a cert in the chain of the servers issuer; or to the DN/etc of the server. Though the latter/last is easily worked around with by having multiple vhosts wrapped around. Dw
smime.p7s
Description: S/MIME cryptographic signature