On Sat, Jun 24, 2000 at 12:23:33AM +0200, Leonardo Modeo wrote:
> Hi,
>
> My web server (Apache 1.3.12) has SSL client authentication enabled to allow
> access to a directory only to a restricted group of users. User
> authentication works fine. User certificates have been signed by a CA that I
> have created with OpenSSL 0.9.5a. Now, I've generated a CRL file with
> OpenSSL (cca.sh revoke file.crt) because I want to forbid access to one of
> these users. I've generated the CRL file and placed it into a file that matches
> the "SSLCARevocationFile /path-to-crl-file/file.crl" Apache directive, but
> that does not seem to work. That user can still see the protected pages. It
> just seems that the SSLCARevocationFile directive is ignored by Apache.
> Platform is Red Hat Linux 6.0.
>
Have you checked with openssl that this is a valid CRL?
There is a previous report of similar problems, but they were only there when
the CRL was invalid (or signed by another CA). See
http://marc.theaimsgroup.com/?l=apache-modssl&m=95830676318213&w=2
I'm going to spend some time next week looking into this issue with the guy
who sent in the previous report - I've got a fairly good idea about why it
fails.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
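
The check suggested in the reply above (is the CRL valid, and is it signed by the same CA that issued the client certificates), as an added example that is not part of the original thread. It builds a throwaway CA in a temporary directory; every file name and subject in it (`ca.crt`, `other.crt`, `user.crt`, `file.crl`, "Demo CA") is constructed for the demonstration and is not the poster's setup.

```shell
# Added example: throwaway CA in a temp dir; all names and subjects are constructed.
make_demo_pki() (   # $1 = empty working directory
    cd "$1" || exit 1
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
new_certs_dir = .
serial = serial
default_md = sha256
policy = pol
[ pol ]
commonName = supplied
EOF
    : > index.txt && echo 01 > serial || exit 1
    ca="openssl ca -config ca.cnf -batch -cert ca.crt -keyfile ca.key"
    req="openssl req -config ca.cnf -newkey rsa:2048 -nodes"
    {
        # Issuing CA, plus an unrelated CA that never signed the CRL.
        $req -x509 -extensions v3_ca -days 30 -subj "/CN=Demo CA" -keyout ca.key -out ca.crt &&
        $req -x509 -extensions v3_ca -days 30 -subj "/CN=Other CA" -keyout other.key -out other.crt &&
        # Client certificate: issue it, revoke it, then publish the CRL.
        $req -subj "/CN=revoked user" -keyout user.key -out user.csr &&
        $ca -days 30 -in user.csr -out user.crt &&
        $ca -revoke user.crt &&
        $ca -gencrl -crldays 7 -out file.crl
    } >/dev/null 2>&1
)

# True only when the CRL's signature verifies under the given CA certificate.
crl_signed_by() {   # $1 = CRL, $2 = CA certificate
    openssl crl -in "$1" -noout -CAfile "$2" 2>&1 | grep -q 'verify OK'
}

# True when chain validation with CRL checking rejects the certificate as revoked.
cert_is_revoked() { # $1 = CA certificate, $2 = CRL, $3 = certificate
    openssl verify -CAfile "$1" -crl_check -CRLfile "$2" "$3" 2>&1 | grep -q 'certificate revoked'
}

d=$(mktemp -d) && make_demo_pki "$d" &&
    crl_signed_by "$d/file.crl" "$d/ca.crt" && echo "CRL signed by issuing CA" &&
    ! crl_signed_by "$d/file.crl" "$d/other.crt" && echo "CRL rejected under other CA" &&
    cert_is_revoked "$d/ca.crt" "$d/file.crl" "$d/user.crt" && echo "user.crt is revoked"
```

Against a real deployment, the same two functions take the CA certificate the server trusts for client authentication, the file named in `SSLCARevocationFile`, and the certificate that should be refused.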