Joe Orton wrote:
I hacked up a quick test based on Dirk's make_sni.sh; this adds
SSLVerifyClient SSLCACertificateFile to the second and third named
vhosts.
And this confirms my original suspicions: I can access those vhosts
without having to present a certificate, i.e. the configured
On Wed, Feb 13, 2008 at 10:00:23AM +0100, Kaspar Brand wrote:
While I was testing revocation checking for client certs in an SNI
configuration (Dirk, many thanks for make_sni.sh, btw!), I came across a
flaw in the current implementation when CRL information - i.e.
On Apr 22, 2008, at 5:53 PM, Joe Orton wrote:
On Wed, Feb 13, 2008 at 10:00:23AM +0100, Kaspar Brand wrote:
While I was testing revocation checking for client certs in an SNI
configuration (Dirk, many thanks for make_sni.sh, btw!), I came
across a
flaw in the current implementation when CRL
On Tue, Apr 22, 2008 at 06:27:26PM +0200, Dirk-Willem van Gulik wrote:
On Apr 22, 2008, at 5:53 PM, Joe Orton wrote:
On Wed, Feb 13, 2008 at 10:00:23AM +0100, Kaspar Brand wrote:
While I was testing revocation checking for client certs in an SNI
configuration (Dirk, many thanks for
On Feb 13, 2008, at 10:00 AM, Kaspar Brand wrote:
While I was testing revocation checking for client certs in an SNI
configuration (Dirk, many thanks for make_sni.sh, btw!), I came
across a
flaw in the current implementation when CRL information - i.e.
Thank YOU (me feel silly now - as I
While I was testing revocation checking for client certs in an SNI
configuration (Dirk, many thanks for make_sni.sh, btw!), I came across a
flaw in the current implementation when CRL information - i.e.
SSLCARevocationFile/SSLCARevocationPath - is set on a per-vhost basis
(don't know how much