On Tue, Oct 19, 2010 at 04:35:49PM -0400, Jeff Blaine wrote:
> >Works: SSL via my corporate cert, SSL via 3 other people's
> >corporate certs
> >Fails: 1 person's cert so far, yet is logged as "SUCCESS"
> >when logging SSL_CLIENT_VERIFY via CustomLog

Your verbose description of "something is not working" is hard to 
follow or condense down. Are you saying with the below configuration, 
you are seeing the SSLRequire work for all the users but that with the 
jblaine cert?

It could be an SSLRequire implementation bug but it is hard to tell.  Is 
the order of the users within the SSLRequire list significant?  Why are 
you matching by the whole S_DN rather than based on e.g. S_DN_CN alone?

You might be better off trying the httpd users' list:

http://httpd.apache.org/lists.html#http-users

Regards, Joe

> ><Location />
> >SetHandler perl-script
> >PerlResponseHandler RT::Mason
> >SSLVerifyClient require
> >
> >SSLRequire %{SSL_CLIENT_S_DN} in { \
> >"/O=our.org/OU=people/UID=jblaine/CN=Blaine Charles J.", \
> >"/O=our.org/OU=people/UID=mloveless/CN=Laveless Marc W.", \
> >"/O=our.org/OU=people/UID=mbs/CN=Simpson Mary B", \
> >"/O=our.org/OU=people/UID=bcietta/CN=Cietta Barbara A." \
> >}
> ></Location>
> ></VirtualHost>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      modssl-users@modssl.org
> Automated List Manager                            majord...@modssl.org