https://issues.apache.org/bugzilla/show_bug.cgi?id=47055
--- Comment #29 from Will Rowe <[email protected]> 2009-09-09 05:23:32 PDT --- Just for fun, would you try; SSLVerifyClient optional SSLVerifyDepth 10 <Location "/test"> SSLVerifyClient require SSLVerifyDepth 10 SSLOptions +OptRenegotiate </Location> The first line ensures that the client-certificate accepted session will be honored when the user navigates from /test, to say, /data and back again, or when they start a new request that hasn't resolved to /test. I'm a bit confused why the same session would not be reused until the session expires, irrespective of the URL-path. So I'm concerned that httpd may be handshaking, refusing their certificate, and renegotating for the session with the certificate immediately afterwards. This would be suboptimal. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
