>
> OpenSSL picks up the server's cert chain also from SSLCACertificate{Path,File}
> when available there. So, all you've to do is to place the cert chain for the
> server also into this location and mod_ssl is able to send it out in the SSL
> handshake phase.
If i do that, any certificate signed by the same CA as your server
certificate is accepted when you verify the client certificate.
So if i had a Secure Server certificate, and the Secure Server CA is
signed by the same Root CA as a Class 1 CA or Class 2 CA ... all these
client certificates are accepted in the client authenticated server.
May be it would be more logical to have several files and options in the
configuration, for client authentication and for the server chain ?
Marc
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
