I try to do X.509 client authentication with Apache
Apache/2.0.54. This works fine. Now I want to check
for certain fields in the client certificate with
SSLRequire. Even though I ask that
%{SSL_CLIENT_S_DN_CN} eq Testuser
the server permits accesss to a client with
SSL_CLIENT_S_DN_CN=testuser2.
Perhaps
SSLVerifyClient require
Default is
SSLVerifyClient none
Greetings
Oliver
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED] im Auftrag von Olaf Gellert
Gesendet: Mi 05.04.2006 14:08
An: modssl-users@modssl.org
Betreff: mod_ssl: SSLRequire
I try to do X.509 client
Do you have some lines like
ifmodule mod_ssl.c or ifmodule ssl_module
before the sslcache entry ?
I have to put this out of my ssl-config before it worked.
Greetings
Oliver
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED] im Auftrag von L. Steinbrügger - Fa. Rameder
Gesendet: Mi
It's a good idea ... I'll try it :)
-Ursprüngliche Nachricht-
Von: Schaudt, Oliver [mailto:[EMAIL PROTECTED] Im Auftrag von [EMAIL PROTECTED]
Gesendet: Mittwoch, 5. April 2006 16:56
An: modssl-users@modssl.org
Betreff: RE: Session Cache is not configured
Do you have some lines like
It works's :)) thanks a lot
-Ursprüngliche Nachricht-
Von: Schaudt, Oliver [mailto:[EMAIL PROTECTED] Im Auftrag von [EMAIL PROTECTED]
Gesendet: Mittwoch, 5. April 2006 16:56
An: modssl-users@modssl.org
Betreff: RE: Session Cache is not configured
Do you have some lines like
ifmodule
[EMAIL PROTECTED] wrote:
Perhaps
SSLVerifyClient require
Default is
SSLVerifyClient none
Good idea, but this is set already (otherwise the
client would not authentify with the certificate)
for this virtual host. Moving it into the directory
section does not change anything either. And
[EMAIL PROTECTED] wrote:
Perhaps
SSLVerifyClient require
Default is
SSLVerifyClient none
Good idea, but this is set already (otherwise the
client would not authentify with the certificate)
for this virtual host. Moving it into the directory
section does not change anything either.
[EMAIL PROTECTED] wrote:
How deep is VerifyDepth ?
I guess this is the wrong direction of error checking.
VerifDepth and VerifyRequire are used in evaluating the
certificate chain on SSL connection establishment, the
SSLRequire expression is evaluated after the HTTP request
is successfully