Julian Blake Kongslie wrote: > I'm trying to setup an apache 2 server that offers SSL using anonymous > DH, and does not offer any certificate at all. Presently, my virtual > host configuration is as follows: > > <VirtualHost *:443> > ServerName testbed > GnuTLSEnable on > GnuTLSPriorities NORMAL:+ANON-DH > DocumentRoot /web > </VirtualHost> > > Unfortunately, apache 2 refuses to start, with the error: > [GnuTLS] - Host 'testbed:0' is missing a Certificate File! > > But that, of course, is exactly what I want. > > If I provide a X.509 certificate to satisfy mod_gnutls, it is delivered > to clients, even if I add "-CTYPE-X.509" to the priorities. I can get > approximately the right thing by providing an OpenPGP certificate > instead - it, too, is sent to clients, but nothing in the world > understands it, so it is simply ignored and the connection falls back to > ANON-DH mode as I desire. > Please tell me there's a better way?
Don't really think so. I've never considered anon to be the only option in mod_gnutls. If you provide a dummy certificate and set -CTYPE-X509 and -CTYPE-OPENPGP does it do what you expect? regards, Nikos _______________________________________________ Modules mailing list Modules@lists.outoforder.cc http://lists.outoforder.cc/mailman/listinfo/modules
