Hi Joe
1. The current idea is to trap validation-related errors, like
certificate expiration/revocation.
Shouldn't we also trap negotiation errors, like incompatible
ciphersuites and protocols between browser and server ?
Maybe other ones ?
I would not try to solve everything at once;
Hi Marc,
On Mon, Jan 08, 2007 at 02:15:44PM +0100, Marc Stern - Approach wrote:
1. The current idea is to trap validation-related errors, like
certificate expiration/revocation.
Shouldn't we also trap negotiation errors, like incompatible
ciphersuites and protocols between browser and
I patched mod_ssl to trap SSL errors related to certificate validation,
allow the SSL connection anyway, then redirect to an error page.
Although this works well, this is not implemented the best way, and I
got some feedback on how to do it better.
Before implementing it, I'd like to check some
dev@httpd.apache.org
Sent: Monday, May 09, 2005 4:03 PM
Subject: Re: SSL error trapping
Here is my final proposal.
I changed it a bit in order to be fully compatible with the
current implementation.
Technical description (based on
2.0.54):
In ssl_io_filter_connect( ) -
Here is my final proposal.
I changed it a bit in order to be fully compatible with the
current implementation.
Technical description (based on
2.0.54):
In ssl_io_filter_connect( ) - ssl_engine_io.c - we have 2
cases (at line 1147 and 1173) where the connection may break because of
rror.c") == 0 ) return
DECLINED; } return
HTTP_FORBIDDEN;
- Original Message -
From:
[EMAIL PROTECTED]
To: dev@httpd.apache.org
Sent: Friday, April 29, 2005 12:26
PM
Subject: SSL error trapping
In case a SSL connection fails because a certificate is
expired, or
In case a SSL connection fails because a certificate is
expired, or a CRL is unavailable, etc., the browser receives a SSL error that
results in a cryptic technical error displayed to the user - sometimes only an
error number like in Firefox. In such a situation, the SSL connection could be
[EMAIL PROTECTED] wrote:
In case a SSL connection fails because a certificate is expired, or a
CRL is unavailable, etc., the browser receives a SSL error that results
in a cryptic technical error displayed to the user - sometimes only an
error number like in Firefox. In such a situation, the
[EMAIL PROTECTED]
To: dev@httpd.apache.org
Sent: Friday, April 29, 2005 2:20 PM
Subject: Re: SSL error trapping
[EMAIL PROTECTED] wrote:
In case a SSL connection fails because a certificate is expired, or a CRL
is unavailable, etc., the browser receives a SSL error that results in a
cryptic
Message -
From:
[EMAIL PROTECTED]
To: dev@httpd.apache.org
Sent: Friday, April 29, 2005 12:26
PM
Subject: SSL error trapping
In case a SSL connection fails because a certificate is
expired, or a CRL is unavailable, etc., the browser receives a SSL error that
results
10 matches
Mail list logo