Re: Bug 35083 - SSL error trapping

2007-01-10 Thread Marc Stern - Approach
Hi Joe 1. The current idea is to trap validation-related errors, like certificate expiration/revocation. Shouldn't we also trap negotiation errors, like incompatible ciphersuites and protocols between browser and server? Maybe other ones? I would not try to solve everything at once;

Re: Bug 35083 - SSL error trapping

2007-01-09 Thread Joe Orton
Hi Marc, On Mon, Jan 08, 2007 at 02:15:44PM +0100, Marc Stern - Approach wrote: 1. The current idea is to trap validation-related errors, like certificate expiration/revocation. Shouldn't we also trap negotiation errors, like incompatible ciphersuites and protocols between browser and

Bug 35083 - SSL error trapping

2007-01-08 Thread Marc Stern - Approach
I patched mod_ssl to trap SSL errors related to certificate validation, allow the SSL connection anyway, then redirect to an error page. Although this works well, this is not implemented the best way, and I got some feedback on how to do it better. Before implementing it, I'd like to check some

Re: SSL error trapping

2005-05-10 Thread sternmarc
dev@httpd.apache.org Sent: Monday, May 09, 2005 4:03 PM Subject: Re: SSL error trapping Here is my final proposal. I changed it a bit in order to be fully compatible with the current implementation. Technical description (based on 2.0.54): In ssl_io_filter_connect( ) -

Re: SSL error trapping

2005-05-09 Thread sternmarc
Here is my final proposal. I changed it a bit in order to be fully compatible with the current implementation. Technical description (based on 2.0.54): In ssl_io_filter_connect( ) - ssl_engine_io.c - we have 2 cases (at line 1147 and 1173) where the connection may break because of

Re: SSL error trapping

2005-05-02 Thread sternmarc
rror.c") == 0 ) return DECLINED; } return HTTP_FORBIDDEN; - Original Message - From: [EMAIL PROTECTED] To: dev@httpd.apache.org Sent: Friday, April 29, 2005 12:26 PM Subject: SSL error trapping In case an SSL connection fails because a certificate is expired, or

SSL error trapping

2005-04-29 Thread sternmarc
In case an SSL connection fails because a certificate is expired, or a CRL is unavailable, etc., the browser receives an SSL error that results in a cryptic technical error displayed to the user - sometimes only an error number like in Firefox. In such a situation, the SSL connection could be

Re: SSL error trapping

2005-04-29 Thread Stephane Bailliez
[EMAIL PROTECTED] wrote: In case an SSL connection fails because a certificate is expired, or a CRL is unavailable, etc., the browser receives an SSL error that results in a cryptic technical error displayed to the user - sometimes only an error number like in Firefox. In such a situation, the

Re: SSL error trapping

2005-04-29 Thread sternmarc
[EMAIL PROTECTED] To: dev@httpd.apache.org Sent: Friday, April 29, 2005 2:20 PM Subject: Re: SSL error trapping [EMAIL PROTECTED] wrote: In case an SSL connection fails because a certificate is expired, or a CRL is unavailable, etc., the browser receives an SSL error that results in a cryptic

Re: SSL error trapping

2005-04-29 Thread sternmarc
Message - From: [EMAIL PROTECTED] To: dev@httpd.apache.org Sent: Friday, April 29, 2005 12:26 PM Subject: SSL error trapping In case an SSL connection fails because a certificate is expired, or a CRL is unavailable, etc., the browser receives an SSL error that results