https://issues.apache.org/bugzilla/show_bug.cgi?id=46355
Joe Orton <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID --- Comment #1 from Joe Orton <[email protected]> 2009-06-23 07:41:14 PST --- It's not possible to do exactly what you're requesting with OpenSSL. It is technically feasible to simply: - configure the root CA as SSLCACertificateFile - in per-directory context, use SSLRequire to check that the client cert is issued by the appropriate intermediary, by comparing the appropriate field in the client's issuer DN - SSL_CLIENT_I_DN_* though there may be deployment issues with that if you are expecting any given client to have more than one cert. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
