On Fri, Jun 27, 2008 at 08:40:43AM +0200, Florian Hackenberger wrote:
> On Thursday 26 June 2008, Florian Hackenberger wrote:
> > On Thursday 26 June 2008, Joe Orton wrote:
> > It denies access for what type of request, a directory listing?
> Ok, I think I understood the intention of your question. Accessing a
> specific file works, but getting the directory listing fails. Would
> that be a result of apache trying to access the protected directory in
> oder to read attributes for the listing, causing the certificate
> verification to kick in?
Yup. Changing the "SSLVerifyClient require" to:
SSLVerifyClient optional
SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
might work around it; you'll still get a client cert request for the
subrequest, but it should end in a 403 rather than terminating the SSL
connection. (That will cause the protected directory to disappear from
the directory listing, unless you use "IndexOptions ShowForbidden")
Test this carefully though!
joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
