Re: svn commit: r148889 - /httpd/test/trunk/perl-framework/t/conf/ssl/ssl.conf.in /httpd/test/trunk/perl-framework/t/ssl/fakeauth.t
On Fri, Jan 28, 2005 at 02:40:38PM -, [EMAIL PROTECTED] wrote: + +# specific to 2.1 +IfModule mod_authn_anon.c +IfModule mod_auth_basic.c +Location /ssl-fakebasicauth2 +SSLVerifyClient require +SSLRequire %{SSL_CLIENT_VERIFY} eq SUCCESS +SSLOptions +FakeBasicAuth +StdEnvVars Did you mean SSLVerifyClient optional? Otherwise the SSLRequire is surely redundant?
Re: svn commit: r148889 - /httpd/test/trunk/perl-framework/t/conf/ssl/ssl.conf.in /httpd/test/trunk/perl-framework/t/ssl/fakeauth.t
So Geoff is saying, you must try and at the next line you must also succeed. With SSLVerifyClient optional, the semantics would be instead Don't bother to insist for a certificate, but if user forgot it, give him flaming death. Considered inappropriate :-) i'm no expert here - I took the SSLRequire line from the test case on httpd-dev, while all the other tests use SSLVerifyClient so I kept it without really understanding things at all. http://marc.theaimsgroup.com/?l=apache-httpd-devm=110685418427430w=2 so, are you saying that can remove SSLVerifyClient here and all is ok? all I wanted was to exercise FakeBasicAuth + mod_auth_anon. --Geoff
Re: svn commit: r148889 - /httpd/test/trunk/perl-framework/t/conf/ssl/ssl.conf.in /httpd/test/trunk/perl-framework/t/ssl/fakeauth.t
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Geoffrey Young wrote: | | so, are you saying that can remove SSLVerifyClient here and all is | ok? No no, you're right and Joe was wrong, you must not change a thing. Sorry for being unclear! - -- Dominique QUATRAVAUX Ingénieur senior 01 44 42 00 08 IDEALX -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB+nBSMJAKAU3mjcsRAs2kAJ0UnznAggzN0IaBnA8sb+zAIbHNhQCgtKx2 soBw8BtkZf4UfJp9c7M3Ltc= =VIp9 -END PGP SIGNATURE-
Re: svn commit: r148889 - /httpd/test/trunk/perl-framework/t/conf/ssl/ssl.conf.in /httpd/test/trunk/perl-framework/t/ssl/fakeauth.t
On Fri, Jan 28, 2005 at 05:22:28PM +, Joe Orton wrote: On Fri, Jan 28, 2005 at 06:03:14PM +0100, Dominique Quatravaux wrote: Geoffrey Young wrote: | | so, are you saying that can remove SSLVerifyClient here and all is | ok? No no, you're right and Joe was wrong, you must not change a thing. Sorry for being unclear! I think you're confused about the difference between SSLVerifyClient optional and require ...he says... : both insist on a new handshake, both send the client a CertificateRequest message, but the former will fail the SSL handshake if no cert is presented; the latter will not. ...and then explains it backwards - exchange former and latter in that sentence...