>Ok, +StructRequire is only possible with 2.3.x, so it's clear that it doesn't
>work for 2.2.8. I've also looked at your httpd.conf: it's mainly the Apache
>default config and looks ok. So either we've found a very subtle bug in
>mod_ssl or your OCSP patches cause this side-effect. So it's important that
>first you try it out with a plain Apache+mod_ssl without any OCSP patches from
>you.
>
I started a new Apache 1.3.6 + mod_ssl-2.2.8-1.3.6 + openssl-0.9.2b, without
my cert_status_lookup patch, and SSLRequire works fine also with
SSL_CLIENT_... env vars, like:
<Directory /home/giacob/src/work_ocsp/apache/htdocs/secure_area>
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars
SSLRequire %{SSL_CLIENT_S_DN_Email} eq "e-mail on cert"
SSLRequireSSL
</Directory>
So I think the problem is in my OCSP cert status lookup patch with LDAP,
which I sent to the list. Any idea what the problem could be?
I bought the Apache manual by Laurie, and I'm trying to use ap_pfopen instead
of fopen to access files. It compiles fine, but Netscape gives me "I/O error
occurred while ...". Any suggestion about how to use ap_pfopen() and
ap_snprintf() (I think my problem is how to manage pools, a new thing for me)?
>Not env-vars, you have to implement a few Apache directives similar to what
>mod_ssl does with the various SSLXXXX directives. For instance for you I would
>use an "SSLOCSP" or "SSLLDAP" directive which parses "key=value" pairs at its
>arguments and sets the variables inside an internal structure which you later
>use under run-time. For instance something like
>
>SSLLDAP server=callisto.comune.modena.it port=3389 dn=foobar passwd=test
>
Where does openssl process directives? Is that where I can add new directives?
Thanks for everything,
Andrea
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
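
The "key=value" directive parsing suggested in the quoted reply, as an added example that is not code from this thread or from mod_ssl. The names ldap_cfg and parse_ssl_ldap, the field sizes, and the assumption that the directive's arguments arrive already split into an argv array are all hypothetical; the NULL-or-error-string return follows the convention of Apache directive handlers.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical internal structure; fields follow the keys in the quoted example. */
typedef struct { char server[256]; int port; char dn[256]; char passwd[128]; } ldap_cfg;

/* Bounded copy: 0 on success, -1 if the value is empty or does not fit. */
static int set_str(char *dst, size_t cap, const char *val) {
    size_t n = strlen(val);
    if (n == 0 || n >= cap) return -1;
    memcpy(dst, val, n + 1);
    return 0;
}

/* True when the key part of arg (its first klen bytes) equals name exactly. */
static int key_is(const char *arg, size_t klen, const char *name) {
    return strlen(name) == klen && strncmp(arg, name, klen) == 0;
}

/* Parse argc "key=value" arguments (assumed already split) into cfg.
 * Returns NULL on success, or a static error string for the config error. */
const char *parse_ssl_ldap(ldap_cfg *cfg, int argc, const char *const argv[]) {
    memset(cfg, 0, sizeof *cfg);
    for (int i = 0; i < argc; i++) {
        const char *eq = strchr(argv[i], '=');
        if (eq == NULL || eq == argv[i]) return "expected key=value";
        size_t klen = (size_t)(eq - argv[i]);
        const char *val = eq + 1;
        if (key_is(argv[i], klen, "server")) {
            if (set_str(cfg->server, sizeof cfg->server, val)) return "bad server value";
        } else if (key_is(argv[i], klen, "port")) {
            char *end;
            long p = strtol(val, &end, 10);
            /* Reject empty, trailing garbage, and out-of-range ports. */
            if (end == val || *end != '\0' || p < 1 || p > 65535) return "bad port value";
            cfg->port = (int)p;
        } else if (key_is(argv[i], klen, "dn")) {
            if (set_str(cfg->dn, sizeof cfg->dn, val)) return "bad dn value";
        } else if (key_is(argv[i], klen, "passwd")) {
            if (set_str(cfg->passwd, sizeof cfg->passwd, val)) return "bad passwd value";
        } else {
            return "unknown key";  /* fail closed on typos instead of ignoring them */
        }
    }
    if (cfg->server[0] == '\0' || cfg->port == 0) return "server and port are required";
    return NULL;
}
```

In a real module the returned string would be handed back to Apache so the server refuses to start on a malformed directive.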