RE: mod_ssl: SSLRequire

2006-04-05 Thread Oliver.Schaudt
 
>[EMAIL PROTECTED] wrote:
>> Perhaps
>>   SSLVerifyClient require
>> 
>> Default is
>>   SSLVerifyClient none

>Good idea, but this is set already (otherwise the
>client would not authenticate with the certificate)
>for this virtual host. Moving it into the directory
>section does not change anything either. And VerifyDepth
>is set, too...

How deep is VerifyDepth?

I know it will be a big file, but for this purpose I usually turn on
"LogLevel Debug"; then the error_log will become very verbose.
There Apache will tell you whether your "testuser" is checked or not.

>Olaf

bye

Oliver


-- 
Dipl.Inform. Olaf Gellert  PRESECURE (R)
Senior Researcher,   Consulting GmbH
Phone: (+49) 0700 / PRESECURE   [EMAIL PROTECTED]

A daily view on Internet Attacks
https://www.ecsirt.net/sensornet

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]


RE: Session Cache is not configured

2006-04-05 Thread Oliver.Schaudt

Do you have some lines like 
 or 
before the sslcache entry?

I had to take this out of my ssl-config before it worked.

Greetings

Oliver



-----Original Message-----
From: [EMAIL PROTECTED] on behalf of L. Steinbrügger - Fa. Rameder
Sent: Wed 05.04.2006 16:45
To: modssl-users@modssl.org
Subject: Session Cache is not configured
 
Hello,

I have a problem with Apache mod_ssl. I installed Apache 2.2.0
on a Suse Linux system. The server works fine, also with SSL, but
in my SSL log the following error code is written:

ssl_error.log
-
[warn] Init: Session Cache is not configured [hint: SSLSessionCache]
-

I believe that the error is in my ssl_global.conf, but I found no
further information on the internet ...

ssl_global.conf

SSLSessionCache dbm:/var/log/apache2/ssl_cache
SSLSessionCacheTimeout  600
---

The following modules are installed

---
core_module (static)
mpm_prefork_module (static)
http_module (static)
so_module (static)
suexec_module (shared)
actions_module (shared)
alias_module (shared)
autoindex_module (shared)
cgi_module (shared)
dir_module (shared)
include_module (shared)
log_config_module (shared)
mime_module (shared)
negotiation_module (shared)
setenvif_module (shared)
status_module (shared)
userdir_module (shared)
asis_module (shared)
rewrite_module (shared)
ssl_module (shared)
vhost_alias_module (shared)
php5_module (shared)
authn_dbm_module (shared)
auth_basic_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authn_file_module (shared)
authz_user_module (shared)
authz_default_module (shared)
---


I hope that someone can help me :)

Lars Steinbrügger

RE: mod_ssl: SSLRequire

2006-04-05 Thread Oliver.Schaudt

Perhaps
  SSLVerifyClient require

Default is
  SSLVerifyClient none

Greetings

Oliver

-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Olaf Gellert
Sent: Wed 05.04.2006 14:08
To: modssl-users@modssl.org
Subject: mod_ssl: SSLRequire
 
I try to do X.509 client authentication with Apache
Apache/2.0.54. This works fine. Now I want to check
for certain fields in the client certificate with
SSLRequire. Even though I ask that

%{SSL_CLIENT_S_DN_CN} eq "Testuser"

the server permits access to a client with
SSL_CLIENT_S_DN_CN="testuser2". What's wrong?

Here is the corresponding section from my config:

 SSLOptions +FakeBasicAuth +StdEnvVars +CompatEnvVars +StrictRequire
 

   AllowOverride None
   Options +FollowSymLinks +Includes
   Order deny,allow
   Deny from all
   Allow from localhost
   SSLRequireSSL
   SSLRequire (%{SSL_CLIENT_S_DN_O} eq "SSLTest SubCA 01" \
&& %{SSL_CLIENT_S_DN_OU} eq "User Certificates" \
&& %{SSL_CLIENT_S_DN_CN} eq "Testuser" )


Anything forgotten? If I print out the environment from
within the webpage (with SSI #printenv), I see (among all
the other variables):

SSL_CLIENT_S_DN_O=SSLTest SubCA 01
SSL_CLIENT_S_DN_OU=User Certificates
SSL_CLIENT_S_DN_CN=testuser2

Hmmm Any clues?

Olaf

-- 
Dipl.Inform. Olaf Gellert  PRESECURE (R)
Senior Researcher,   Consulting GmbH
Phone: (+49) 0700 / PRESECURE   [EMAIL PROTECTED]

A daily view on Internet Attacks
https://www.ecsirt.net/sensornet
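
The comparison the posted SSLRequire line asks for, replayed offline against the values from the #printenv output, as an added example that is not part of the original thread or of mod_ssl. It handles only `&&`-joined `eq`/`ne` clauses (the subset used in the post); the function names and the treatment of an unset variable as an empty string are assumptions.

```python
import re

# One clause of the subset handled here: %{VAR} eq|ne "literal"
CLAUSE = re.compile(r'%\{(\w+)\}\s+(eq|ne)\s+"([^"]*)"')

def parse_sslrequire(directive):
    """Parse an SSLRequire line made only of &&-joined eq/ne clauses."""
    # Join backslash-continued lines into one logical line first.
    text = re.sub(r'\\\s*\n', ' ', directive).strip()
    if text.startswith('SSLRequire'):
        text = text[len('SSLRequire'):].strip()
    if text.startswith('(') and text.endswith(')'):
        text = text[1:-1]
    clauses = []
    for part in text.split('&&'):  # literals containing "&&" are not supported
        m = CLAUSE.fullmatch(part.strip())
        if m is None:
            raise ValueError(f'unsupported clause: {part.strip()!r}')
        clauses.append(m.groups())
    return clauses

def parse_printenv(dump):
    """Turn NAME=value lines (as printed by SSI #printenv) into a dict."""
    return dict(line.split('=', 1) for line in dump.splitlines() if '=' in line)

def evaluate(clauses, env):
    """Return (allowed, failed); string comparison is exact and case-sensitive."""
    failed = []
    for var, op, literal in clauses:
        actual = env.get(var, '')  # assumption: unset variable compares as ""
        ok = (actual == literal) if op == 'eq' else (actual != literal)
        if not ok:
            failed.append((var, op, literal, actual))
    return (not failed, failed)

# Directive and environment values copied from the post above.
DIRECTIVE = r'''SSLRequire (%{SSL_CLIENT_S_DN_O} eq "SSLTest SubCA 01" \
&& %{SSL_CLIENT_S_DN_OU} eq "User Certificates" \
&& %{SSL_CLIENT_S_DN_CN} eq "Testuser" )'''
PRINTENV = '''SSL_CLIENT_S_DN_O=SSLTest SubCA 01
SSL_CLIENT_S_DN_OU=User Certificates
SSL_CLIENT_S_DN_CN=testuser2'''

if __name__ == '__main__':
    allowed, failed = evaluate(parse_sslrequire(DIRECTIVE), parse_printenv(PRINTENV))
    print('allowed' if allowed else 'denied')
    for var, op, literal, actual in failed:
        print(f'  {var}: expected {op} {literal!r}, got {actual!r}')
```

With the posted values only the CN clause fails, so the expression as written does not match "testuser2"; a request that is still served suggests the directive was not evaluated for it, which is what the debug-level error_log can show.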

