https://issues.apache.org/bugzilla/show_bug.cgi?id=47427
Summary: browser doesn't get Error 403 if user's auth failed
Product: Apache httpd-2
Version: 2.2.11
Platform: PC
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: mod_ssl
AssignedTo: [email protected]
ReportedBy: [email protected]
non-detailed description:
1. you setuped the SSL host. Everything is *OK* if you have user's cert.
<VirtualHost 10.0.0.86:8443>
ServerAdmin [email protected]
ServerName mihailp1.parks.lv
DocumentRoot "/mihailp1/www-secure"
SSLEngine on
SSLCertificateKeyFile "/root/mihailp1-ca/mihailp1.key"
SSLCertificateFile "/root/mihailp1-ca/mihailp1.crt"
SSLCACertificateFile "/root/mihailp1-ca/mihailp1-ca.crt"
SSLVerifyClient require
SSLVerifyDepth 3
SSLOptions +OptRenegotiate
ErrorLog "logs/secure-error_log"
CustomLog "logs/secure-access_log" common
</VirtualHost>
2. open the browser and *don't* install user's cert
3. try to open the site by any major browsers, you will get error
4. as you can see in the log (and the code) ssl module returns error 403, but
browser *doesn't* get it at all
5. if you try repeat the same scenarion in nginx, you would get simple error
page, because nginx can handle (and finalize) requests without user's cert.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
