mod_ssl: SSLRequire

2006-04-05 Thread Olaf Gellert
I try to do X.509 client authentication with Apache Apache/2.0.54. This works fine. Now I want to check for certain fields in the client certificate with SSLRequire. Even though I ask that %{SSL_CLIENT_S_DN_CN} eq Testuser the server permits accesss to a client with SSL_CLIENT_S_DN_CN=testuser2.

RE: mod_ssl: SSLRequire

2006-04-05 Thread Oliver.Schaudt
Perhaps SSLVerifyClient require Default is SSLVerifyClient none Greetings Oliver -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] im Auftrag von Olaf Gellert Gesendet: Mi 05.04.2006 14:08 An: modssl-users@modssl.org Betreff: mod_ssl: SSLRequire I try to do X.509 client

RE: Session Cache is not configured

2006-04-05 Thread Oliver.Schaudt
Do you have some lines like ifmodule mod_ssl.c or ifmodule ssl_module before the sslcache entry ? I have to put this out of my ssl-config before it worked. Greetings Oliver -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] im Auftrag von L. Steinbrügger - Fa. Rameder Gesendet: Mi

AW: Session Cache is not configured

2006-04-05 Thread L . Steinbrügger - Fa . Rameder
It's a good idea ... I'll try it :) -Ursprüngliche Nachricht- Von: Schaudt, Oliver [mailto:[EMAIL PROTECTED] Im Auftrag von [EMAIL PROTECTED] Gesendet: Mittwoch, 5. April 2006 16:56 An: modssl-users@modssl.org Betreff: RE: Session Cache is not configured Do you have some lines like

AW: Session Cache is not configured

2006-04-05 Thread L . Steinbrügger - Fa . Rameder
It works's :)) thanks a lot -Ursprüngliche Nachricht- Von: Schaudt, Oliver [mailto:[EMAIL PROTECTED] Im Auftrag von [EMAIL PROTECTED] Gesendet: Mittwoch, 5. April 2006 16:56 An: modssl-users@modssl.org Betreff: RE: Session Cache is not configured Do you have some lines like ifmodule

Re: mod_ssl: SSLRequire

2006-04-05 Thread Olaf Gellert
[EMAIL PROTECTED] wrote: Perhaps SSLVerifyClient require Default is SSLVerifyClient none Good idea, but this is set already (otherwise the client would not authentify with the certificate) for this virtual host. Moving it into the directory section does not change anything either. And

RE: mod_ssl: SSLRequire

2006-04-05 Thread Oliver.Schaudt
[EMAIL PROTECTED] wrote: Perhaps SSLVerifyClient require Default is SSLVerifyClient none Good idea, but this is set already (otherwise the client would not authentify with the certificate) for this virtual host. Moving it into the directory section does not change anything either.

Re: mod_ssl: SSLRequire

2006-04-05 Thread Olaf Gellert
[EMAIL PROTECTED] wrote: How deep is VerifyDepth ? I guess this is the wrong direction of error checking. VerifDepth and VerifyRequire are used in evaluating the certificate chain on SSL connection establishment, the SSLRequire expression is evaluated after the HTTP request is successfully