Hi there,
the website I'm currently implementing using client certificates for
authentication. I use SSLFakeBasicAuth and .htaccess files for
access-control.
The problem I have is this: the server requires certification for every
different directory that is accessed.
For example I request a document named example.html from a directory that
has a .htaccess file. The server request my certificate. I sent my
certificate. The server checks it and approves because my DN is in the
password file. No problems so far.
Now... in the example.html are a couple of links to images. The brower
then request this images from the server. The directory in which these
images reside on the server does NOT have access-restrictions. ("allow
from all" etc.), but the server requests a certificate nonetheless!
So for one page that I request from the server I have to sent my
certificate several times which is very annoying.
Has anyone experienced this before? Is the ssl session cache not working?
Is it related to the .htacces files setup?
I use Apache 1.3.4 with mod_ssl 2.1.7 on Solaris 2.6. (mod_ssl as shared
lib)
Thanks,
--
Camiel Dobbelaar
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
