On Thu, Mar 04, 1999, Anton Voronin wrote:
> is it possible to configure mod-ssl *not* to trust to self-signed
> certificates?
You mean client certificates, right? Hmmm.. yes, you can use SSLRequire in
addition to the standard client verification to require that the issuer of the
client certificate is not equal the subject of the certificate:
SSLRequire %{SSL_CLIENT_I_DN} != %{SSL_CLIENT_S_DN}
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
