DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=41911>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41911 ------- Additional Comments From [EMAIL PROTECTED] 2007-03-26 16:50 ------- Thank you for your detailed analysis. I am using Konqueror 3.5.6 (from KDE) as client, where it is possible to use webdavs:// or https:// as a URL. I was not able to reproduce the problem today. I suspect/believe the explanation is that the certificates were being cached by Konqueror. I had suspected this problem, before submitting my report, and therefore tried both to restart the server and open a "new" Konqueror. However, I believe that I did not close ALL the open Konqueror clients, and that seems to be the source of the problem I reported. (I more or less repeated such an experiment today -- that is, I could reproduce the problem that I reported, but I now understand that the problem is with the client and not Apache). While you have your test set up. I would like to ask a related question. In your first setup, if you (a) try to access /test/subdir with (b)) a 'DE certificate), then (c) you will see that it is *impossible* because [info] Access to /disk/apache/apache2/htdocs/test/subdir/ for 123.456.789.123 (requirement expression not fulfilled) [info] Failed expression: %{SSL_CLIENT_S_DN_C} eq "US" That is, the SSLRequire from Directory cascades to test/subdir (as it is supposed to), but this makes it impossible then for a person with only a DE certificate to get access to the subdirectory. I am able to reliably repeat that problem. As best as I can tell, this cannot be overcome with a special Boolean combination to SSLRequire, and the way Apache is currently designed, there does not seem any possibility to override this behavior. Is there a good reason to maintain that behavior? Maybe it should be an enhancement request to allow the possibility to turn off or override the "directory cascade" ? -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
