Re: svn commit: r148889 - /httpd/test/trunk/perl-framework/t/conf/ssl/ssl.conf.in /httpd/test/trunk/perl-framework/t/ssl/fakeauth.t

2005-01-31 Thread Geoffrey Young

> Geoff, removing the SSLRequire line is right, it
> doesn't really matter though...

ok, done.  thanks for the input.

--Geoff


Re: svn commit: r148889 - /httpd/test/trunk/perl-framework/t/conf/ssl/ssl.conf.in /httpd/test/trunk/perl-framework/t/ssl/fakeauth.t

2005-01-28 Thread Joe Orton
On Fri, Jan 28, 2005 at 02:40:38PM -, [EMAIL PROTECTED] wrote:
 +
 +# specific to 2.1
 +IfModule mod_authn_anon.c
 +IfModule mod_auth_basic.c
 +Location /ssl-fakebasicauth2
 +SSLVerifyClient  require
 +SSLRequire   %{SSL_CLIENT_VERIFY} eq SUCCESS
 +SSLOptions   +FakeBasicAuth +StdEnvVars
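
Review bot: in the Location /ssl-fakebasicauth2 block, the SSLRequire %{SSL_CLIENT_VERIFY} eq SUCCESS line sits under SSLVerifyClient require, which already refuses the handshake unless the client presents a certificate that verifies, so the SSLRequire condition can never be false here. Either drop the SSLRequire line, or use SSLVerifyClient optional if the test is meant to exercise the SSLRequire check itself. The "# specific to 2.1" comment would also be clearer if it said what is 2.1-only, presumably the mod_authn_anon.c and mod_auth_basic.c module names in the IfModule lines.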

Did you mean SSLVerifyClient optional?  Otherwise the SSLRequire is
surely redundant?



Re: svn commit: r148889 - /httpd/test/trunk/perl-framework/t/conf/ssl/ssl.conf.in /httpd/test/trunk/perl-framework/t/ssl/fakeauth.t

2005-01-28 Thread Geoffrey Young

> So Geoff is saying, you must try and at the next line you must also
> succeed. With SSLVerifyClient optional, the semantics would be
> instead Don't bother to insist for a certificate, but if user
> forgot it, give him flaming death. Considered inappropriate :-)

i'm no expert here - I took the SSLRequire line from the test case on
httpd-dev, while all the other tests use SSLVerifyClient so I kept it
without really understanding things at all.

  http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=110685418427430&w=2

so, are you saying that can remove SSLVerifyClient here and all is ok?  all
I wanted was to exercise FakeBasicAuth + mod_auth_anon.

--Geoff


Re: svn commit: r148889 - /httpd/test/trunk/perl-framework/t/conf/ssl/ssl.conf.in /httpd/test/trunk/perl-framework/t/ssl/fakeauth.t

2005-01-28 Thread Dominique Quatravaux
Geoffrey Young wrote:
|
| so, are you saying that can remove SSLVerifyClient here and all is
| ok?
No no, you're right and Joe was wrong, you must not change a thing.
Sorry for being unclear!
--
Dominique QUATRAVAUX   Senior Engineer
01 44 42 00 08 IDEALX



Re: svn commit: r148889 - /httpd/test/trunk/perl-framework/t/conf/ssl/ssl.conf.in /httpd/test/trunk/perl-framework/t/ssl/fakeauth.t

2005-01-28 Thread Joe Orton
On Fri, Jan 28, 2005 at 05:22:28PM +, Joe Orton wrote:
> On Fri, Jan 28, 2005 at 06:03:14PM +0100, Dominique Quatravaux wrote:
> > Geoffrey Young wrote:
> >
> > |
> > | so, are you saying that can remove SSLVerifyClient here and all is
> > | ok?
> >
> > No no, you're right and Joe was wrong, you must not change a thing.
> > Sorry for being unclear!
>
> I think you're confused about the difference between SSLVerifyClient
> optional and require

...he says...

> : both insist on a new handshake, both send the
> client a CertificateRequest message, but the former will fail the SSL
> handshake if no cert is presented; the latter will not.

...and then explains it backwards - exchange former and latter in
that sentence...
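
The require/optional distinction this thread settles on, as an added configuration sketch (not part of the commit or of any poster's message; the two Location paths are hypothetical):

```apache
# Added illustration; /cert-required and /cert-optional are made-up paths.

# Client certificate is mandatory. The server sends a CertificateRequest
# and the handshake fails if the client presents no certificate, so no
# request ever reaches this location without a verified one.
<Location /cert-required>
    SSLVerifyClient require
    # Redundant under "require": the handshake only completes when
    # verification succeeded, so this condition is always true.
    # SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
</Location>

# Client certificate is requested but not mandatory. The server still
# sends a CertificateRequest, but the handshake completes when the client
# sends none; SSL_CLIENT_VERIFY is then NONE and the SSLRequire below is
# what rejects the request (403 Forbidden) after the handshake.
<Location /cert-optional>
    SSLVerifyClient optional
    SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
</Location>
```

Both locations end up refusing a client without a certificate; the difference is where the refusal happens: during the handshake for `require`, at the access-control stage for `optional` plus `SSLRequire`.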