We are happily running Stronghold version 2.1 on a Linux 2.0.33 machine
from a couple of months.
We are now adding client certification but we do not understand
how to use SSL_Require.
In the specific, we are testing with two client certificates, one
with Organizational Unit "security" an one with "badpeople",
issued by Netscape Communicator v. 4.05, english expot version.
To discriminate, I inserted in httpd.conf the lines:
<Directory /securesite>
Options Indexes FollowSymLinks
AllowOverride None
SSL_Group buoni "ou EQ security"
SSL_Group cattivi "ou EQ badpeople"
# Ubi: no way to make this one work (and others like this one)
# SSL_Require "ou != \"badpeople\""
# Ubi: let's use groups:
SSL_Require buoni
</Directory>
but the check doesn't do what we expect (that is, instead of letting
"buoni" in, it keeps everybody out!). As you can see, I could not
do what I want even without SSL_Group.
What's wrong with my syntax? Is there anything else I should know?
Is it possible that the browser fails to send the correct data?
I thank you in advance for your attention, the SSL features are vital for us.
Umberto Rustichelli
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
