RE: [users@httpd] Override SSLVerifyClient

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I am puzzled. The following works for me (Apache 2.0.54/Solaris 8):

<VirtualHost labelle16:8443>
   LogLevel warn
   ProxyRequests       Off

   ServerName labelle16

   SSLEngine On
   SSLCertificateFile /u01/etc/x509/ssl.crt/labelle16.crt
   SSLCertificateKeyFile /u01/etc/x509/ssl.key/labelle16.key

   <Location />
      SSLRequireSSL
      SSLVerifyClient Require
   </Location>

   <Location /abc/>
      SSLRequireSSL
      SSLVerifyClient none
   </Location>

</VirtualHost> 

However, contrary to what I thought, if I reverse the order of the Location sections a client certificate is required in both cases.

-ascs

-----Original Message-----
From: Azwan Adli Abdullah [mailto:azwan@xxxxxxxxxxxx] 
Sent: Monday, January 09, 2006 6:11 PM
To: Axel-Stéphane SMORGRAV
Cc: users@xxxxxxxxxxxxxxxx; azwan@xxxxxxxxxxxx
Subject: RE: [users@httpd] Override SSLVerifyClient

Hi,
Tried that but also doesn't work.  Any other clue?

Rgds,
Azwan
> Reverse the order of the two Location sections.
>
> -ascs
>
> -----Original Message-----
> From: Azwan Adli Abdullah [mailto:azwan@xxxxxxxxxxxx]
> Sent: Monday, January 09, 2006 9:14 AM
> To: users@xxxxxxxxxxxxxxxx
> Subject: [users@httpd] Override SSLVerifyClient
>
> Hi All,
> I have 1 question regarding howto override SSLVerifyClient directive 
> in Location directive.  Let say I have 10 different URLs and 1 of them 
> NO need to verify the client cert and the other 9 need to verify the 
> client cert.  Example that I've tried is as below but seems doesn't work.
>
> <Location />
>   SSLRequireSSL
>   SSLVerifyClient Require
>   Allow from all
> </Location>
>
> <Location /abc>
>    SSLRequireSSL
>    SSLVerifyClient None
>    Allow from all
> </Location>
>
> For the location /abc, it still prompt for client cert.  I've searched 
> through the net but can't find the answer.
>
> Thanks.
> Azwan.
>
> --
> Azwan Adli Abdullah
> Slackweb.net
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>


--
Azwan Adli Abdullah
Slackweb.net


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux