https://issues.apache.org/bugzilla/show_bug.cgi?id=45677
Summary: Location and LocationMatch directive is defect when used
with SSLCACertificateFile
Product: Apache httpd-2
Version: 2.2.3
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
When trying to apply different certificates through SSLCACertificateFile under
different <Location> directives in ssl.conf, apache2 applies the last of the
<Location>-directives instead of the one actually matching.
In the example below the last certificate, certificate3, is always served to
the browser, if any of the above <Location>-directives match. Thus entering
http://my.domain.se/path1 will prompt you with certificate3, as will
http://my.domain.se/path2, and of course the last URL will also give the third
certificate. LocationMatch and tons of different matching patterns have been
tested without any luck. LocationMatch is showing the exact same behaviour.
ssl.conf:
LoadModule ssl_module modules/mod_ssl.so
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
ServerName my.domain.se:443
JkMount /* loadbalancer
SSLCertificateFile /etc/pki/tls/certs/my_domain_se_VeriSign_Class_Extended_Validation_SSL_SGC_CA.pem
SSLCACertificateFile /etc/pki/tls/certs/intermediate.crt
<LocationMatch /path1>
SSLVerifyClient require
SSLVerifyDepth 2
SSLCACertificateFile /etc/pki/tls/certs/certificate1.cer
</LocationMatch>
<LocationMatch /path2>
SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificateFile /etc/pki/tls/certs/certificate2.cer
</LocationMatch>
<LocationMatch /path/that/should/not/match>
SSLVerifyClient require
SSLVerifyDepth 2
SSLCACertificateFile /etc/pki/tls/certs/certificate3.cer
</LocationMatch>
#... log stuff here
</VirtualHost>
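Added example, not part of the bug report or of Apache's code: a small config check that flags every SSLCACertificateFile placed inside a per-request section such as <Location> or <LocationMatch>, the pattern the report describes. The mod_ssl documentation lists the context of SSLCACertificateFile as server config and virtual host only; the function name and the sample config (modelled on the ssl.conf above, shortened) are constructed for illustration.

```python
import re

# Constructed sample modelled on the ssl.conf in the report (shortened).
SAMPLE = """\
<VirtualHost _default_:443>
SSLCACertificateFile /etc/pki/tls/certs/intermediate.crt
<LocationMatch /path1>
SSLVerifyClient require
SSLCACertificateFile /etc/pki/tls/certs/certificate1.cer
</LocationMatch>
<LocationMatch /path2>
SSLVerifyClient require
SSLCACertificateFile /etc/pki/tls/certs/certificate2.cer
</LocationMatch>
</VirtualHost>
"""

OPEN = re.compile(r"<\s*([A-Za-z]+)\b[^>]*>")
CLOSE = re.compile(r"</\s*([A-Za-z]+)\s*>")
# Container sections that are evaluated per request, not per server.
PER_REQUEST = {"location", "locationmatch", "directory",
               "directorymatch", "files", "filesmatch"}

def find_scoped_ca_files(conf_text):
    """Return (line_no, section_header, path) for each SSLCACertificateFile
    that appears inside a per-request container section."""
    stack, hits = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.match(line):              # closing tag: leave the section
            if stack:
                stack.pop()
            continue
        m = OPEN.match(line)
        if m:                              # opening tag: enter the section
            stack.append((m.group(1).lower(), line))
            continue
        parts = line.split(None, 1)        # directive names are case-insensitive
        if len(parts) == 2 and parts[0].lower() == "sslcacertificatefile":
            scoped = [s for s in stack if s[0] in PER_REQUEST]
            if scoped:
                hits.append((no, scoped[-1][1], parts[1].strip('"')))
    return hits

if __name__ == "__main__":
    for no, section, path in find_scoped_ca_files(SAMPLE):
        print(f"line {no}: SSLCACertificateFile {path} inside {section}")
```

The virtual-host-level directive on line 2 of the sample is not reported; only the two entries nested in <LocationMatch> are.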