SA-09-15 vs Apache with client certificates

Toomas Aas toomas.aas at raad.tartu.ee
Thu Dec 3 17:27:05 UTC 2009


Hello!

We have Apache running on FreeBSD 7.2, where among others an SSL virtual 
host is defined. One particular subdirectory of this virtual host is 
configured to require client certificates, using an .htaccess file:

------------------------------------------------
SSLVerifyClient Require
SSLVerifyDepth 3
<FilesMatch "\.(shtml|php)$">
         SSLOptions +StdEnvVars +ExportCertData
</FilesMatch>
------------------------------------------------

Do I understand the "NOTE WELL" section of FreeBSD-SA-09:15 correctly that 
if I apply the patch then this functionality will no longer work?

The only workaround I can think of is to require client certificates for 
the entire vhost, but this is unrealistic to implement. Am I missing any 
other options?

--
Toomas Aas

... What are you looking down here for? Read the message!

