Hi Joe
1. The current idea is to trap validation-related errors, like
certificate expiration/revocation.
Shouldn't we also trap negotiation errors, like incompatible
ciphersuites and protocols between browser and server ?
Maybe other ones ?
I would not try to solve everything at once; jus
Hi Marc,
On Mon, Jan 08, 2007 at 02:15:44PM +0100, Marc Stern - Approach wrote:
> 1. The current idea is to trap validation-related errors, like
> certificate expiration/revocation.
> Shouldn't we also trap negotiation errors, like incompatible
> ciphersuites and protocols between browser and se
I patched mod_ssl to trap SSL errors related to certificate validation,
allow the SSL connection anyway, then redirect to an error page.
Although this works well, this is not implemented the best way, and I
got some feedback on how to do it better.
Before implementing it, I'd like to check some p
