On Mon, Nov 21, 2016 at 12:40 PM, Helmut K. C. Tessarek <tessa...@evermeet.cx> wrote: > But I noticed that it is completely ignored (it always asks for a > user/password, no matter, if I have the client cert installed or not).
I only have experience w/ a proprietary SSL mod, but: * I didn't think SSLVerifyClient's data was ever implicitly used in lieu of basic auth, this gave me pause in the quoted sentence * The thing to look for here would be whether your request triggers an SSL renegotiation or not, and if in that 2nd handhsake there is a certificate request from the server. * These configs won't work when TLS1.3 arrives because there is no renegotiation. -- Eric Covener cove...@gmail.com