SA-09-15 vs Apache with client certificates
Toomas Aas
toomas.aas at raad.tartu.ee
Thu Dec 3 17:27:05 UTC 2009
Hello!
We have Apache running on FreeBSD 7.2, where among others a SSL virtual
host is defined. One particular subdirectory of this virtual host is
configured to require client certificates, using .htaccess file:
------------------------------------------------
SSLVerifyClient Require
SSLVerifyDepth 3
<FilesMatch "\.(shtml|php)$">
SSLOptions +StdEnvVars +ExportCertData
</FilesMatch>
------------------------------------------------
Do I understand the "NOTE WELL" section of FreeBSD-SA-09:15 correctly that
if I apply the patch then this functionality will no longer work?
The only workaround I can think of is to require client certificates for
the entire vhost, but this is unrealistic to implement. Am I missing any
other options?
--
Toomas Aas
... What are you looking down here for? Read the message!
More information about the freebsd-questions
mailing list