On Fri, Jan 28, 2005 at 06:03:14PM +0100, Dominique Quatravaux wrote:
> Geoffrey Young wrote:
>
> |
> | so, are you saying that can remove SSLVerifyClient here and all is
> | ok?
>
> No no, you're right and Joe was wrong, you must not change a thing.
> Sorry for being unclear!

I think you're confused about the difference between SSLVerifyClient "optional" and "require": both insist on a new handshake, both send the client a CertificateRequest message, but the former will fail the SSL handshake if no cert is presented; the latter will not. So doing an SSLRequire check for %{SSL_VERIFY_CLIENT} after using "SSLVerifyClient require" is redundant.

Geoff, removing the SSLRequire line is right, it doesn't really matter though...

joe