HI!
I have a question about issuing SSL server certs for SGC (step-up
certs):
Ralf Engelschall's presentation states that
extendedKeyUsage = msSGC,nsSGC
has to be set in the whole certificate chain.
(see http://www.modssl.org/docs/apachecon2001/slide-010-n.html)
Now I wonder if this is also
Lutz Jaenicke wrote:
On Wed, Jul 18, 2001 at 12:06:48PM +0100, Darko Krizic wrote:
I heard that some versions of SSL offer some kind of compression.
The RFC for TLS does not define a specific method of compression.
mod_ssl uses the OpenSSL library, that does not provide compression.
(It
Ronald Ruzicka wrote:
where I simply want a secure connection - I think we will end up in a
philosophical discussion ... ;)
No proper authorization without proper authentication. Period.
Ciao, Michael.
__
Apache Interface
JT wrote:
Netscape has a fairly bothersome cache which poses a serious problem when
diagnosing these types of problems. IE on the otherhand has probably the
best cache system for a browser that there is (Although I won't say much
for
there browser itself) but anyways you need to set
HI!
(Re-sent since my message through gmane didn't come through.)
Maybe I'm overlooking the obvious but it seems that env var
SSL_CLIENT_S_DN_UID is not set when using a client cert for authentication.
The following env vars displayed in my SSI HTML text are relevant here
(obfuscated to
Joe Orton wrote:
On Fri, May 23, 2008 at 04:46:48PM +0200, Michael Ströder wrote:
In the current 2.x mod_ssl sources, UID maps to:
#ifdef NID_x500UniqueIdentifier /* new name as of Openssl 0.9.7 */
{ UID, NID_x500UniqueIdentifier },
#else /* old name, OpenSSL 0.9.7 */
{ UID
Joe Orton wrote:
On Fri, May 23, 2008 at 05:23:34PM +0200, Michael Ströder wrote:
Ok, then the OID in my cert is 0.9.2342.19200300.100.1.1 (attribute type
'uid' specified for pilotPerson). That seems right to me since it's
compliant with RFC 4514 which contains a table of short and long
Michael Ströder wrote:
Joe Orton wrote:
On Fri, May 23, 2008 at 05:23:34PM +0200, Michael Ströder wrote:
Ok, then the OID in my cert is 0.9.2342.19200300.100.1.1 (attribute
type 'uid' specified for pilotPerson). That seems right to me since
it's compliant with RFC 4514 which contains a table
Michael Ströder wrote:
Joe Orton wrote:
On Fri, May 23, 2008 at 05:23:34PM +0200, Michael Ströder wrote:
Ok, then the OID in my cert is 0.9.2342.19200300.100.1.1 (attribute
type 'uid' specified for pilotPerson). That seems right to me since
it's compliant with RFC 4514 which contains a table
Gilles Cuesta wrote:
So, at a time, we have 2 ClientCA with different key and different
validity period, but same DN.
This is bad practice. Try searching for CA key roll-over.
The problem is, when verifying client cert work with both ClientCA
stacked; but when using CRL, old clients work
Beth E. Okun wrote:
We're running Apache with ssl enabled..We're using Basic
authentication, and if the user browses away from our site and then
comes back, they are not forced to log on again...it appears that
these settings are being stored somewhere, or that the connection is
Peter Sylvester wrote:
in ssl_engine_vars, there seems to be a problem to me concerning the UID
field.
The syntax for the field is a bitstring and not a text.
Nothing happened since I've filed this bug and raised the issue here:
https://issues.apache.org/bugzilla/show_bug.cgi?id=45107
It's
HI!
For security reasons I'm using env var SSL_SESSION_ID to cross-check the
application's session ID with the SSL session ID in my web application. This
works without any issues on my openSUSE boxes. Browser is Seamonkey 2.0.4.
But I have problems with Apache 2.2.3 shipped with
Red Hat
13 matches
Mail list logo