[EMAIL PROTECTED] wrote:
> How deep is VerifyDepth ?
I guess this is the wrong direction of error checking.
VerifDepth and VerifyRequire are used in evaluating the
certificate chain on SSL connection establishment, the
SSLRequire expression is evaluated after the HTTP request
is successfully tra
>[EMAIL PROTECTED] wrote:
>> Perhaps
>> SSLVerifyClient require
>>
>> Default is
>> SSLVerifyClient none
>Good idea, but this is set already (otherwise the
>client would not authentify with the certificate)
>for this virtual host. Moving it into the directory
>section does not change anyth
[EMAIL PROTECTED] wrote:
> Perhaps
> SSLVerifyClient require
>
> Default is
> SSLVerifyClient none
Good idea, but this is set already (otherwise the
client would not authentify with the certificate)
for this virtual host. Moving it into the directory
section does not change anything either.
Perhaps
SSLVerifyClient require
Default is
SSLVerifyClient none
Greetings
Oliver
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED] im Auftrag von Olaf Gellert
Gesendet: Mi 05.04.2006 14:08
An: modssl-users@modssl.org
Betreff: mod_ssl: SSLRequire
I try to do X.509 client
I try to do X.509 client authentication with Apache
Apache/2.0.54. This works fine. Now I want to check
for certain fields in the client certificate with
SSLRequire. Even though I ask that
%{SSL_CLIENT_S_DN_CN} eq "Testuser"
the server permits accesss to a client with
SSL_CLIENT_S_DN_CN="testuser