Hi,
That is not a bug, it is a feature! With the TLS renegotiation there
is a theoretical man-in-the-middle-attack possible. To prevent that
the developers decided to deactivate the TLS renegotiation.
Solution: use SSLInsecureRenegotiation on
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#ssl
Hello,
In a host where client certificate is optional and in some directories
requirement. Server is SNI, and this configuration works fine before
SNI.
>
> SSLVerifyClient optional
>
> SSLVerifyClient require
...
I use SNI client (firefox) with client certificate that works
hi,
i'm in the setup of a ssl-enabled apache2 server with mod_ssl - works
fine so far *but* when a client-browser opens multiple simulanous
connections for one page to the server the Client-Certificate gets
requested the same number of times from the user.
The corresponding Br
Hello,
I'm having a problem with Internet Explorer's "Show friendly HTTP error
messages" in response to a 403 generated by an SSLRequire directive, when
trying client certificate authentication.
I've come across some information about over-riding the browser config b
Hi,
Is there an upper bound on maximum client certificate size that
Apache/Mod_ssl can handle.
I am using
SSL_VERSION_LIBRARY=OpenSSL/0.9.7b , Apache 1.3.27
Thanks,
Vishal
Visit our website at http://www.ubs.com
This message contains confidential information and is intended only
for the
Title: Client certificate
Hi ,
I am trying to implement client authentication based on client certificates.
I want to throw up an error message to the "user/browser" in case client certificate is invalid.
What I got was that "The page cannot be displayed" error if an
On Tue, Jun 06, 2006 at 03:36:37PM -0400, Paul D. Robertson wrote:
> I'm trying to get mod_proxy to work as an SSL proxy using a client
> certificate on the proxy to connect to a backend IIS server that's set up
> to use any client certificate signed by my OpenSSL-based CA
Guess I've been hearing wrong for 3 years now ;)
Time to go digging...On 6/8/06, Paul D. Robertson <[EMAIL PROTECTED]> wrote:
On Wed, 7 Jun 2006, BJ Swope wrote:> >From everything I've heard and read, mod-proxy will not proxy HTTPS on the> back like what you are asking. You can have HTTPS on the
On Wed, 7 Jun 2006, BJ Swope wrote:
> >From everything I've heard and read, mod-proxy will not proxy HTTPS on the
> back like what you are asking. You can have HTTPS on the front end but not
> on the back. It will have to be HTTP to the back.
>
> If you get this working I would LOVE to hear how
, Paul D. Robertson <[EMAIL PROTECTED]> wrote:
Hi,I'm trying to get mod_proxy to work as an SSL proxy using a clientcertificate on the proxy to connect to a backend IIS server that's set upto use any client certificate signed by my OpenSSL-based CA.
If I use a browser with the same cer
Hi,
I'm trying to get mod_proxy to work as an SSL proxy using a client
certificate on the proxy to connect to a backend IIS server that's set up
to use any client certificate signed by my OpenSSL-based CA.
If I use a browser with the same certificate bundled up as a PKCS12
bundl
("SSL_CLIENT_S_DN"); // can also get
the whole cert: SSL_CLIENT_CERT
And parse out the common name.
Nadeem
From: [EMAIL PROTECTED] on behalf of August West
Sent: Mon 8/22/2005 12:17 PM
To: modssl-users@modssl.org
Subject: export client certificate C
>I am trying to use mod_auth_ldap with apache2, and I am having
>trouble figuring out how to generate a trusted Certificate
>Authority certificate. I tried using the Netscape certificate
>database file as the apache docs suggest, but I'm still
>getting a complaint from LDAP that "LDAP: ssl con
I am trying to use mod_auth_ldap with apache2, and I am having trouble
figuring out how to generate a trusted Certificate Authority
certificate. I tried using the Netscape certificate database file as
the apache docs suggest, but I'm still getting a complaint from LDAP
that "LDAP: ssl connections
I am currently using mod_ssl to verify client certs.
are issued by trusted CAs (e.g. SSLVerifyClient
require), but then using username/password for
application identification/authorization, passing this
to Oracle via Tomcat using JAVA. However, I'd like to
be able to use client certs. for I/A by e
Hi,
I know this has been raised before but please read on.
Currently AFAIK client certificate expiry checking is
done by openssl and the connection is terminated
before apache comes into play, hence no error page can
be sent. This is a problem as IE doesn't tell the user
the client certif
"test" site IE 6.x just times out. For that reason
I am suspicious of the apache configuration but I can't be certain.
I tried with FireFox (1.0) and it also timed out. Firefox is
configured to "ask every time" for client cert. selection and
like IE, I am not pr
Hello,
Does mod_ssl support any type of error handling for
the client certificate authentification?
I'd really like to have another page load than a
server not found one when a client presents an invalid certificate.
If not, is it possible to bypass some verifications
such as the
.1.27 server, client IE6 with
Java 1.4 plugin from Sun).
The web-server should run all applications only over SSL and with client
certificate verification enabled.
So I set up all the necessary configuration, including server and client
certificates (our company has it's own internal CA), and m
ld be the problem?
>
> ---
>
> I'm having a strange problem with Apache 2.0.45, mod_ssl with openssl
> 0.9.6i (and possibly a factor also tomcat 4.1.27 server, client IE6 with
> Java 1.4 plugin from Sun).
>
> The web-server should run all applications only over SSL and with client
Hello,
I'm having a strange problem with Apache 2.0.45 / openssl 0.9.6 (and
possibly tomcat 4.1.27).
The web-server should run all applications only over SSL and with client
certificate verification enabled.
So I set up all the necessary configuration, including server and client
certifi
HiI am
trying to get the SSL_CLIENT_S_DN_CN from a client certificateto use it in a
RewriteRule. But I always get empty quary string. The configis as
following:SSLOptions +StdEnvVarsRewriteEngine OnRewriteLog
logs/rewrite.logRewriteLogLevel 9RewriteCond %{ENV:SSL_CLIENT_S_DN_CN}
^Simpson*R
d
uldgd> SSL connection are
uldgd> delegated to a backend server. The connection between the webserver and the
uldgd> backend
uldgd> server is also configured to be a SSL connection with client
uldgd> authentication, so the webserver
uldgd> has to provide a client certificate to t
On Fri, Feb 21, 2003 at 07:39:07AM +0100, [EMAIL PROTECTED] wrote:
> I'd like to pass the client certificate provided by the end user to the
> backend server. Is there a
> chance to do this with mod_ssl?
>
Currently there isn't a solution with mod_ssl. There is however a cou
backend
server is also configured to be a SSL connection with client
authentication, so the webserver
has to provide a client certificate to the backend server.
I'd like to pass the client certificate provided by the end user to the
backend server. Is there a
chance to do this with mod_ssl?
Hi,
We've been having problems with apache/modssl and client certificates in IE (5.5sp2,
6, 6sp1 all versions of Windows).
When the client sets up a session ofr the first time he gets prompted for his client
cert and after entering the cert password he is able to access the secure site (like
h
I found this error in my ssl_engine.log when I access to apache+modssl site
with client certificate authentication.
what does it mean by this error and how do I fix this?
Actually I dont have problems in accessing it but some of our users
encountered page cannot be displayed
would really appreciate if somebody could
give some suggestions.
Thanks again.
regards,
Lee Hoo Wah
-Original Message-
From: Lee Hoo Wah [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 22, 2002 10:33 AM
To: [EMAIL PROTECTED]
Subject: SSL Reverse Proxy with Client Certificate is dying
Hi,
I have a problem using Apache/mod_ssl 2.0.40 as a SSL reverse proxy to
connect to a SSL Server.
|HTTP Client|-http>|Reverse Proxy|https>|Web Server|
There is a Client Certificate on the Reverse Proxy which must be presented
to the Web Server for authenticatio
Hi,
I have a problem using Apache/mod_ssl 2.0.39 as a SSL reverse proxy to
connect to a SSL Server.
|HTTP Client|-http>|Reverse Proxy|https>|Web Server|
There is a Client Certificate on the Reverse Proxy which must be presented
to the Web Server for authenticatio
Hi all.
I have a problem with a certificate chain and a server certificate, I
need help.
The certificate chain is formed by the Root CA Certificate and the
Subordinate CA Certificate below showed.
The server certificate is the last certificate.
I have configured apache with mods
Hi again.
I have verify these certificates from openssl command line:
openssl verify openssl verify -CAfile PKIv6_3.2_ca_sub2.p7c.pem
imladris.dif.um.esCert.pem
where:
PKIv6_3.2_ca_sub2.p7c.pem is a PEM certificates chain with "Root
CA Certificate" and "Subordinate CA Certif
Hello,
I am setting up an Apache 1.3.26 reverse proxy on
Linux to a remote IIS v5.0 server with a client
certificate but it doesn't work. I kept getting 403
forbidden error because IIS v5.0 does not send a list
of acceptable CAs to the Apache reverse proxy so
Apache doesn't send
Hi,
I like to have an optional authetification with client certificates.
Everythings works well, except that the browser (IE 5.5) pops up a dialog
(which lists no certificates) also the client has no certificates installed.
Netscape 4.7 gives me an error message that there are no certificates
ins
Hello all,
I would like to know if anyone has experience with client certificate
mapping in LDAP. I know that there is a module called mod_authz, but I don't know
if it is any good.
Thanks,
Leus
--
GMX - Die Kommunikationsplattform im Internet.
http://www.gm
Hi:
Any one knows how to create client certificates when use x509?
I can create server certificates without any problem. But what
is the requirments for client certificates? I use Microsoft
windows NT.
Any hint will be appreciated.
Steve
___
Hi,
i am searching a client with that a can time triggered get files from an
apache server restricted with password and client certificate authorization.
i created an apache server with modssl. created my own ca an created a
client certificate. if i try this certificate in IE i will be working
Hello everybody.
In first, sorry for my english.
I have web server with apache, modèssl and openssl.
I need to create certificate for my user's company,
can I do it with this software?
Currently, I know how to create
server's certificate, but what about client?
thanks.
Antoine
cape clients.
Regards
Jeff
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of
[EMAIL PROTECTED]
Sent: 13 May 2002 16:55
To: [EMAIL PROTECTED]
Subject: client certificate requested for EVERY html page
Hi, i've set up an Apache/mod_ssl web server, create
Hi, i've set up an Apache/mod_ssl web server, create a CA, installed
the server certifcate, etc, etc.
The i went trough the CLIENT CERTIFICATE process.
everything worked fine (Client Request -> CA Sign the cert
-> Browser LOAD the cert)
THE PROBLEM IS that the SERVER REQUEST THE
Ben - all client cert details are available to the servers that you
present your certificate to.
This is a dump of some of the standard details presented to the server
in your client cert:
Client Certificate
--
SSL_CLIENT_A_KEYrsaEncryption
SSL_CLIENT_A_SIG
I have a client certificate that was issued to me by a CA that contains
potentially sensitive information such as my name, my position within my
organisation, my location, and so on. This certificate has been imported
into my browser (Netscape).
What are the rules in the SSL protocol regarding
CertficateFile" in it's httpd.conf.
This directive has the value set to the its'(proxy's)
client certificate.
Should I need to set the value for
SSLProxyCACertficateFile also?
The error I see in the browser is:
--
The proxy server received an
lf to
the backend server.
Now, the need is to make the proxy server also
authenticate itself to the backend server.
The proxy server has the directive
"SSLProxyMachineCertficateFile" in it's httpd.conf.
This directive has the value set to the its'(proxy's)
client certi
:
> Hi
>
> I installed client certificate but the server says
> client doesnot have client certificate. I made
> mandotary (client cert. needed) in IIS. Both the
> certificates are generated through stanalone CA in
> Windows 2000 server. I even connected mod-ssl test
> site which
Hi
I installed client certificate but the server says
client doesnot have client certificate. I made
mandotary (client cert. needed) in IIS. Both the
certificates are generated through stanalone CA in
Windows 2000 server. I even connected mod-ssl test
site which says client certificate filed is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I have a questen, what does "no client certificate CA names sent" mean?
when I do a:
$ openssl s_client -connect myhost.com:443
(to test out my new apache + mod_ssl server)
that you can find in the output.
I did make a user certific
Hello,
I'm trying to get a SSL connection working using a client certificate.
I'm running with apache/modssl on Solaris and trying to connect to a
partner's IIS web server. I have been sent a client certificate that
was generated on the Windows server in a pfx format. In
On Mon, 2002-03-11 at 08:45, Bruno Georges wrote:
> It looks like it is not possible to get anything from the client, and
> the connection is broken.
> I am a bit confused, according to the SetEnvIf directive IE response
> should be HTTP/1.0, also we force the form method to POST, which has no
[Mon Mar 11 11:20:32 GMT 2002] at
com.newatlanta.servletexec.ClientCert.parseCert(ClientCert.java:204)
....
Retrieving the client certificate data
[Mon Mar 11 15:26:28 GMT 2002] java.net.SocketException: Connection
reset by peer: Connection reset by peer
[Mon Mar 11 15:26:28 GMT 2002] at
java.net.SocketInputStream.socketRead(
Quoting CAM <[EMAIL PROTECTED]>:
>
> > Great. I tried the following:
> >
> > root@net:/home/ron# openssl x509 -in ident.crt -out ident.p12 -outform
> pkcs12
> >
> > I tried to import this file into netscape and into mozilla. No go - they
> both
> > complain that the cert is corrupted. I gue
>
> > Hi Folks:
> >
> > I am having problems getting a self-signed identity (client) cert
> installed into my browsers (Mozilla 0.9.8 and Netscape 4.78).
> >
> > The cert is signed and tested to be valid, I just can't find the
> > right
> method to install it into my browser. I even tried cop
> Great. I tried the following:
>
> root@net:/home/ron# openssl x509 -in ident.crt -out ident.p12 -outform pkcs12
>
> I tried to import this file into netscape and into mozilla. No go - they both
> complain that the cert is corrupted. I guess this begs the question: how does
> one go about c
Quoting Göran Fröjdh <[EMAIL PROTECTED]>:
> Den 02-02-20 15.04 skrev "Ron Gage" <[EMAIL PROTECTED]> följande:
>
> > Hi Folks:
> >
> > I am having problems getting a self-signed identity (client) cert
> installed into my browsers (Mozilla 0.9.8 and Netscape 4.78).
> >
> > The cert is signed and
Den 02-02-20 15.04 skrev "Ron Gage" <[EMAIL PROTECTED]> följande:
> Hi Folks:
>
> I am having problems getting a self-signed identity (client) cert installed
> into
> my browsers (Mozilla 0.9.8 and Netscape 4.78).
>
> The cert is signed and tested to be valid, I just can't find the right method
- I was using NS6.2 on windoze which I
believe has the same codebase as Moz 0.9.6, no?
Anyway, in the Certificate Manager, we used the (perhaps slightly misnamed)
Restore function to pick up a PKCS#12 file from the local filesystem. This was
just the client certificate reworked into PKCS#12 format w
Hi
I have an apache set has a directoy configured so taht only browsers with
a certificate signed from the correct CA can access it.
What I would like to do is that the DN of the certifiacte set as an
envirnment variable.
Can anyone tell me how to do this?
Laurie
--
=
Hi Folks:
I am having problems getting a self-signed identity (client) cert installed into
my browsers (Mozilla 0.9.8 and Netscape 4.78).
The cert is signed and tested to be valid, I just can't find the right method to
install it into my browser. I even tried copying the ident.crt to ident.pem
001 23:26
Please respond to modssl-users
To: "modssl-users" <[EMAIL PROTECTED]>
cc:
Subject: Client certificate
Hi again, looking in the modssl manual, chapter 6 FAQ, i found the way to create a server certificate and a CA,
Hi again, looking in the modssl manual, chapter 6
FAQ, i found the way to create a server certificate and a CA, but i don't know
how to create a client certificate in case that my server asks for a certificate
in order to authenticate its clients, how can i create a client certif
ficateFile,
SSLVerifyClient 2).
I restarted Apache ssl server and access the page. It required
the client certificate.--of course..
I tried to make the client certificate request. But I can't make it.
The command is " CA.sh -newreq"(or "openssl req -new -keyout
clientkey.pem -out clientcs
Hi!
I can solve this problem, so report about it.
The reason I can't get Client-Certificate-Chain by
using SSL_CLIENT_CERT_CHAIN_n on my CGI is maybe a BUG of
mod_ssl2.8.3-1.3.19 (I think ).
A point of "ssl_engine_vars.c" which is a source code of mod_ssl is
wro
On Tue, Jun 12, 2001 at 02:03:47AM +0900, K.Umesawa wrote:
> If i can't get Client-Certificate-Chain from ssl-session-cache and
> SSL_CLIENT_CERT_CHAIN_n,
> I thought the way only I can do is to delete a ssl-session-cache on
> every
> connection or time Apache start (I
ne the certificate chain, you only can do it for the
> first session negotiated.
If i can't get Client-Certificate-Chain from ssl-session-cache and
SSL_CLIENT_CERT_CHAIN_n,
I thought the way only I can do is to delete a ssl-session-cache on
every
connection or time Apache start (I have
On Thu, Jun 07, 2001 at 11:37:40PM +0900, K.Umesawa wrote:
> I'm trying to get a Client-Certificate-Chain
> by using SSL_CLIENT_CERT_CHAIN_n in my CGI
> which works on Apache 1.3.19 + mod_ssl2.8.3.
> Now I can get a data of SSL_CLIENT_CERT and SSL_SERVER_CERT(and client
&g
Hello!
I'm trying to get a Client-Certificate-Chain
by using SSL_CLIENT_CERT_CHAIN_n in my CGI
which works on Apache 1.3.19 + mod_ssl2.8.3.
Now I can get a data of SSL_CLIENT_CERT and SSL_SERVER_CERT(and client
authentication is success), but I can't get a
ok, running mod_ssl 2.8.1 and apache 1.3.19, made my own CA for the
server and can connect via 443 with no problems.
wanting to do plain certificate authentication via a client certificate,
so in did:
openssl pkcs12 -export -in /usr/local/apache/conf/ssl.crt/ca.crt -inkey
/usr/local/apache
ts in multiple HTTP GET/PUT requests and thus multiple SSL
connections) we get the following error on the last
request:
[21/Feb/2001 14:47:56 06764] [trace] OpenSSL: Loop: SSLv3 read client
certificate A
[21/Feb/2001 14:47:56 06763] [trace] OpenSSL: Write: SSLv3 read client
certificate B
[21/Feb
}/private/CAcert.pem
-config /usr/local/ssl/openssl.cnf
The files generated are CAkey.pem and CAcert.pem.
(2) As server authentication is not required, I skipped to the step
to create client certificate.
(3) For creating client certificate and getting it signed by the CA
certificate generated in (1
ion on another URL when
> client certificate authentication fail?
>
> Thank you in advance.
>
> Enrico Zaffaroni
> [EMAIL PROTECTED]
>
> __
> Apache Interface to OpenSSL (mod_ssl)
Is there anyone who was able to enable redirection on another URL when
client certificate authentication fail?
Thank you in advance.
Enrico Zaffaroni
[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl
/2000 11:57:25 00422] [trace] OpenSSL: Loop: SSLv3 write server
done A
[31/Oct/2000 11:57:25 00422] [trace] OpenSSL: Loop: SSLv3 flush data
[31/Oct/2000 11:57:25 00422] [trace] OpenSSL: Exit: failed in SSLv3 read
client certificate A
[31/Oct/2000 11:57:25 00422] [info] Spurious SSL handshake
Hello modssl users,
I have an web application (CGI script) that uses SSL Client
certificate fingerprint to pass/reject users.
Currently in modssl I have many SSL_CLIENT_S_X variables, but no
way to find out the certificate fingerprint (the one I see with
openssl x509 -fingerprint command
Same Error, Certificate Verification Error (10): Certificate has Expired...
> On Mon, Sep 18, 2000, Wil Boucher wrote:
>
> > Is it possible to enable SSLVerifyClient to accept expired certificates?
> >
> > I want to check that the user does in fact have access to a certificate,
be
> > it expired
On Mon, Sep 18, 2000, Wil Boucher wrote:
> Is it possible to enable SSLVerifyClient to accept expired certificates?
>
> I want to check that the user does in fact have access to a certificate, be
> it expired or not, before giving them access to certain pages.
>
> Wether I use 'optional' or 're
Give them an up-to-date certificate?
**
Important Note
This email (including any attachments) contains information which is
confidential and may be subject to legal privilege. If you are not
the intended recipient you must no
Is it possible to enable SSLVerifyClient to accept expired certificates?
I want to check that the user does in fact have access to a certificate, be
it expired or not, before giving them access to certain pages.
Wether I use 'optional' or 'required' the user is still denied access with
the serve
Try turning off that rule and then using apaches printenv script
to see how SSL_CLIENT_M_SERIAL is seen by the server.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to OpenSSL (mod_
I am having a hard time getting mod_ssl to request
the clients certificate serial number. I belive I have it in right but it always
fails.
SSLVerifyClient
requireSSLVerifyDepth
5SSLOptions
+FakeBasicAuthSSLRequireSSL
SSLRequire
%{SSL_CLIENT_M_SERIAL} eq "
hrows ServletException, IOException
{
HttpSession session = req.getSession(true);
String cert;
// get client certificate
try {
// required Apache JServ Configuration
// ApJServEnvVar SSL_CLIENT_CERT SSL_CLIENT_CERT
cert=
req.getAttr
$CA -config $CONFIG -spkac $req_file -out $result_file -days 360 -key $CAPSS
is the command from SSLevy.
What is the equivalent command for the above in openssl-0.9.4?
I am working on generating a client certificate using openssl with Netscape
Communicator 4.7. Is this possible?
Thanks
Addressed to: [EMAIL PROTECTED]
[EMAIL PROTECTED]
** Reply to note from Dominik Seitz <[EMAIL PROTECTED]> Tue, 4 Apr 2000 11:59:42
+0200
>
> It seems that during the normal SSL handshake the client certificate
> will be sent to the server unencrypted.
>
It seems that during the normal SSL handshake the client certificate
will be sent to the server unencrypted.
My question: is there some way to make the browsers send the client
certificates encrypted?
It seems that this happens if there is
already an SSL session in place not requiring a
26799] [trace] OpenSSL: Loop: SSLv3 write server done A
[31/Mar/2000 11:09:29 26799] [trace] OpenSSL: Loop: SSLv3 flush data
[31/Mar/2000 11:09:29 26799] [trace] OpenSSL: Exit: failed in SSLv3 read client
certificate A
[31/Mar/2000 11:09:29 26799] [info] Spurious SSL handshake interrupt[Hint: Usually
Hi I'm pretty new to encryption stuff. I'm stuck at transforming the client
certificate from pem format into p12:
openssl pkcs12 -export \
-in sabrecert.pem \
-inkey sabrekey.pem \
-name "Sabre certificate" \
-certfile /usr/local/apache/1.3.9
Hi,
I have created a client certificate with my CA using openssl as
openssl ca -in client.csr
Then converted it into DER encoded format and trying to import it into
browser. But it is not listing the certificate in any catagory of
certificates. Even it is not listing it in certificates list when
[EMAIL PROTECTED] schrieb:
>
> Full_Name: Matthias L. Jugel
> Version: 2.4.2
> OS: Debian Linux 2.2.12
> Submission from: mondo.first.gmd.de (194.95.175.13)
>
> Hi,
>
> I was trying to access my server:
>
> Server: Apache/1.3.9, Interface: mod_ssl/2.4.2, Library: OpenSSL/0.9.4
>
> using a SEG
Full_Name: Matthias L. Jugel
Version: 2.4.2
OS: Debian Linux 2.2.12
Submission from: mondo.first.gmd.de (194.95.175.13)
Hi,
I was trying to access my server:
Server: Apache/1.3.9, Interface: mod_ssl/2.4.2, Library: OpenSSL/0.9.4
using a SEGA Dreamcast with the DreamKey Web browser. The follow
ainst one of the SSL Client variables, what should happen? I
wasn't experimenting too carefully but it seemed like all the checks
against SSL Client environment variables were ignored when the browser
didn't provid
Ralf S. Engelschall wrote:
>
> On Thu, Jun 24, 1999, Matthias Loepfe wrote:
>
> > [...]
> > > Hmmm... the client handling should be done on-the-fly. But perhaps the
> > > loading is already broken. You can find it in functions
> > > SSL_CA_load_certs_file() and SSL_CA_load_certs_path() in ssl_u
On Thu, Jun 24, 1999, Matthias Loepfe wrote:
> [...]
> > Hmmm... the client handling should be done on-the-fly. But perhaps the
> > loading is already broken. You can find it in functions
> > SSL_CA_load_certs_file() and SSL_CA_load_certs_path() in ssl_util_ssl.c. The
> > on-the-fly handling is
Ralf S. Engelschall wrote:
>
> On Wed, Jun 23, 1999, Matthias Loepfe wrote:
>
> > I'm testing some of your new features in mod_ssl. I'm currently testing the
> > unreleased patch for the SSLProxy.
> >
> > Am I right that client certificate handling is
On Wed, Jun 23, 1999, Matthias Loepfe wrote:
> I'm testing some of your new features in mod_ssl. I'm currently testing the
> unreleased patch for the SSLProxy.
>
> Am I right that client certificate handling is not yet finished?
Hmmm... there might be still a bug, y
Hi Ralf
I'm testing some of your new features in mod_ssl. I'm currently testing the
unreleased patch for the SSLProxy.
Am I right that client certificate handling is not yet finished?
It seems that the private keys are not yet read what results in a SEGV deep in
OpenSSL at the point
Running Linux 2.0.36 Apache 1.3.6 Openssl 0.9.3 Mod_ssl 2.3.0 My server is up and running and seems to work fine in secure mode without a clientcert. But every time I create and install a client cert. in netscape 4.06 I getrecieved bad data from server messaget
On Fri, Mar 05, 1999, Alfredo Raul Pena wrote:
> > > > I think the problem is that I'm not using mod_perl for CGI scripts (where you
> > > > have the info via the environment) but from a AuthHandler... From there I
> > > > tried accessing subprocess_env without success, none of the SSL_
> > >
"Ralf S. Engelschall" wrote:
> > > I think the problem is that I'm not using mod_perl for CGI scripts (where you
> > > have the info via the environment) but from a AuthHandler... From there I
> > > tried accessing subprocess_env without success, none of the SSL_
> > > veriables are there.
>
On Fri, Mar 05, 1999, Alfredo Raul Pena wrote:
> I'm sorry about the insistence, but what do anyone thinks about this?
> Regards, Alfredo
>
> > > Since mod_ssl 2.1 you can get _all_ ingredients of a certificate via
> > > environment variables SSL_. What ingredients are you missing?
> >
> > I
I'm sorry about the insistence, but what do anyone thinks about this?
Regards, Alfredo
Alfredo Raul Pena wrote:
> "Ralf S. Engelschall" wrote:
>
> > Since mod_ssl 2.1 you can get _all_ ingredients of a certificate via
> > environment variables SSL_. What ingredients are you missing?
>
> I th
"Ralf S. Engelschall" wrote:
> Since mod_ssl 2.1 you can get _all_ ingredients of a certificate via
> environment variables SSL_. What ingredients are you missing?
I think the problem is that I'm not using mod_perl for CGI scripts (where you
have the info via the environment) but from a Auth
1 - 100 of 107 matches
Mail list logo
