Hello all, I'm setting up an https server with apache+mod_ssl+php. Since I have to check the client certificate at php level I put this line in httpd.conf:
SSLVerifyClient require The client certificate has been created with this extension: nsCertType = server At the client side I'm testing the application with this command: wget --sslcertfile=<hostcert.pem> --sslcertkey=<hostkey.pem> <url> This is the error I get: Unable to establish SSL connection. This is the apache error_log I get: [error] mod_ssl: Certificate Verification: Error (26): unsupported certificate purpose I can solve the problem putting these lines in mod_ssl-2.8.5-1.3.22/pkg.sslmod/ssl_engine_init.c /* * Configure CTX purpose */ SSL_CTX_set_purpose(ctx, X509_PURPOSE_ANY); just before /* * Configure Client Authentication details */ and rebuilding mod_ssl. Is there a cleaner way to configure the required client certificate purpose? Fabio Spataro ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]