SSL appears to be broken in 8-STABLE/RELEASE
Maxim Dounin
mdounin at mdounin.ru
Sat Dec 19 18:08:38 UTC 2009
Hello!
On Sat, Dec 19, 2009 at 05:23:53AM -0800, Chris H wrote:
[...]
> Indeed. I understand that. In fact my OP (original post) indicated my use was
> in a "vhost" - eg;
> NameVirtualHost host.ip.add.ress:443
> <VirtualHost host.ip.add.ress:443>
> SSLEnable
> SSLVerifyClient (options 0-3;none work)
> SSLRequireSSL
> SSLNoV2
> <IfModule apache_ssl.c>
> SSLCACertificatePath /path/to/ca-file
> SSLCertificateFile /path/to/cert-file
> SSLCertificateKeyFile /path/to/key-file
> </IfModule>
> [...]
> </VirtualHost>
Ah, ok, I've missed the syntax you claimed for SSLVerifyClient, but
with this config snippet it's much more clear. You are using
apache-ssl, as in ports/www/apache13-ssl, right?
It indeed seems to require renegotiation even with per-vhost
SSLVerifyClient. No luck, only reverting the patch will do the trick.
Apache 2.2 with official mod_ssl works fine with per-vhost
SSLVerifyClient, as well as Apache 1.3 with rse@'s mod_ssl
(ports/www/apache22 and ports/www/apache13-modssl).
Maxim Dounin
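
Added example, not part of the original message or of either poster's configuration: a sketch of how the quoted apache-ssl vhost could be written for Apache 2.2 with mod_ssl, with SSLVerifyClient kept at vhost level so the client certificate is requested in the initial handshake. The address and paths are the placeholders from the quoted message; the apache-ssl level 2 ("required") shown in the comment is an assumed choice, since the message does not say which level was wanted.

```apache
# Hypothetical mod_ssl (Apache 2.2) counterpart of the quoted apache-ssl vhost.
<VirtualHost host.ip.add.ress:443>
    # apache-ssl: SSLEnable
    SSLEngine on

    # apache-ssl: SSLNoV2
    SSLProtocol all -SSLv2

    # apache-ssl: SSLVerifyClient 2 (0=none, 1=optional, 2=required, 3=optional, no CA check)
    # Set in vhost context: verification happens during the first handshake.
    SSLVerifyClient require

    # In mod_ssl this directive expects a directory of hashed CA certificates.
    SSLCACertificatePath /path/to/ca-file
    SSLCertificateFile /path/to/cert-file
    SSLCertificateKeyFile /path/to/key-file

    <Location />
        # Refuse plain-HTTP access to this tree.
        SSLRequireSSL
        # No SSLVerifyClient here: a per-directory setting that differs from
        # the vhost level makes mod_ssl renegotiate after reading the request.
    </Location>
</VirtualHost>
```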