Hello all,
I'm setting up an https server with apache+mod_ssl+php. Since I have to
check the client certificate at php level I put this line in httpd.conf:
SSLVerifyClient require
The client certificate has been created with this extension:
nsCertType = server
At the client side I'm testing the application with this command:
wget --sslcertfile=<hostcert.pem> --sslcertkey=<hostkey.pem> <url>
This is the error I get:
Unable to establish SSL connection.
This is the apache error_log I get:
[error] mod_ssl: Certificate Verification: Error (26): unsupported
certificate purpose
I can solve the problem putting these lines in
mod_ssl-2.8.5-1.3.22/pkg.sslmod/ssl_engine_init.c
/*
* Configure CTX purpose
*/
SSL_CTX_set_purpose(ctx, X509_PURPOSE_ANY);
just before
/*
* Configure Client Authentication details
*/
and rebuilding mod_ssl.
Is there a cleaner way to configure the required client certificate purpose?
Fabio Spataro
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
