RE: [users@httpd] Override SSLVerifyClient

Tue, 10 Jan 2006 02:51:34 -0800 

I am puzzled. The following works for me (Apache 2.0.54/Solaris 8):

<VirtualHost labelle16:8443>
   LogLevel warn
   ProxyRequests       Off

   ServerName labelle16

   SSLEngine On
   SSLCertificateFile /u01/etc/x509/ssl.crt/labelle16.crt
   SSLCertificateKeyFile /u01/etc/x509/ssl.key/labelle16.key

   <Location />
      SSLRequireSSL
      SSLVerifyClient Require
   </Location>

   <Location /abc/>
      SSLRequireSSL
      SSLVerifyClient none
   </Location>

</VirtualHost> 

However, contrary to what I thought, if I reverse the order of the Location 
sections a client certificate is required in both cases.

-ascs

-----Original Message-----
From: Azwan Adli Abdullah [mailto:[EMAIL PROTECTED] 
Sent: Monday, January 09, 2006 6:11 PM
To: Axel-Stéphane SMORGRAV
Cc: [email protected]; [EMAIL PROTECTED]
Subject: RE: [EMAIL PROTECTED] Override SSLVerifyClient

Hi,
Tried that but also doesn't work.  Any other clue?

Rgds,
Azwan
> Reverse the order of the two Location sections.
>
> -ascs
>
> -----Original Message-----
> From: Azwan Adli Abdullah [mailto:[EMAIL PROTECTED]
> Sent: Monday, January 09, 2006 9:14 AM
> To: [email protected]
> Subject: [EMAIL PROTECTED] Override SSLVerifyClient
>
> Hi All,
> I have 1 question regarding howto override SSLVerifyClient directive 
> in Location directive.  Let say I have 10 different URLs and 1 of them 
> NO need to verify the client cert and the other 9 need to verify the 
> client cert.  Example that I've tried is as below but seems doesn't work.
>
> <Location />
>   SSLRequireSSL
>   SSLVerifyClient Require
>   Allow from all
> </Location>
>
> <Location /abc>
>    SSLRequireSSL
>    SSLVerifyClient None
>    Allow from all
> </Location>
>
> For the location /abc, it still prompt for client cert.  I've searched 
> through the net but can't find the answer.
>
> Thanks.
> Azwan.
>
> --
> Azwan Adli Abdullah
> Slackweb.net
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>    "   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


--
Azwan Adli Abdullah
Slackweb.net


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to