On Tue, Oct 19, 2010 at 04:35:49PM -0400, Jeff Blaine wrote: > >Works: SSL via my corporate cert, SSL via 3 other people's > >corporate certs > >Fails: 1 person's cert so far, yet is logged as "SUCCESS" > >when logging SSL_CLIENT_VERIFY via CustomLog
Your verbose description of "something goes is not working" is hard to follow or condense down. Are you saying with the below configuration, you are seeing the SSLRequire work for all the users but that with the jblaine cert? It could be an SSLRequire implementation bug but it is hard to tell. Is the order of the users within the SSLRequire list significant? Why are you matching by the whole S_DN rather than based on e.g. S_DN_CN alone? You might be better off trying the httpd users' list: http://httpd.apache.org/lists.html#http-users Regards, Joe > ><Location /> > >SetHandler perl-script > >PerlResponseHandler RT::Mason > >SSLVerifyClient require > > > >SSLRequire %{SSL_CLIENT_S_DN} in { \ > >"/O=our.org/OU=people/UID=jblaine/CN=Blaine Charles J.", \ > >"/O=our.org/OU=people/UID=mloveless/CN=Laveless Marc W.", \ > >"/O=our.org/OU=people/UID=mbs/CN=Simpson Mary B", \ > >"/O=our.org/OU=people/UID=bcietta/CN=Cietta Barbara A." \ > >} > ></Location> > ></VirtualHost> > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager majord...@modssl.org ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager majord...@modssl.org
