https://issues.apache.org/bugzilla/show_bug.cgi?id=46773
Summary: SSLClientVerify directive not processed in documented
directory order
Product: Apache httpd-2
Version: 2.2.11
Platform: Sun
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: Runtime Config
AssignedTo: [email protected]
ReportedBy: [email protected]
The configuration directives for Directory containers are supposed to be
processed in order of shortest to longest, to allow a general configuration to
be overridden by more specific subdirectory directives. In the configuration
below I have specified 'SSLClientVerify require' globally. In the registration
directory, where we cannot yet have it protected, I have specified
'SSLClientVerify none'. I expected that to override the higher level directive
and allow this subdirectory to be accessed without a client certificate.
Instead, it still requires a certificate to be presented.
<Directory "/webapp/root">
Options None
AllowOverride None
Order Allow,Deny
Allow from all
SSLVerifyClient require
SSLVerifyDepth 5
AuthName "Web App Name"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL ldap://127.0.0.1/o=netideasinc.com?uid?one
Require ldap-group cn=RegisteredUsers,ou=Groups,o=netideasinc.com
</Directory>
<Directory /webapp/root/registration">
Options None
Order Allow,Deny
Allow from all
SSLVerifyClient none
AuthName "Web App Name"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL ldap://127.0.0.1/o=netideasinc.com?uid?one
Require ldap-group cn=RegisteredUsers,ou=Groups,o=netideasinc.com
</Directory>
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
