https://issues.apache.org/bugzilla/show_bug.cgi?id=48215
--- Comment #2 from Joe Orton <[email protected]> 2009-11-18 05:51:41 UTC --- This is a bug in the handling of "SSLVerifyDepth 0" in per-dir context. mod_ssl is forcing a renegotiation each time because it doesn't cache the verify_depth as zero correctly: [Tue Nov 17 19:54:25 2009] [debug] ssl_engine_kernel.c(423): [client 172.30.25.84] Reduced client verification depth will force renegotiation, referer: https://172.30.24.37/ to fix this either of: a) configure client cert CA verification properly, and remove or increase the SSLVerifyDepth setting, or b) move the SSLVerifyDepth setting to vhost context, outside the <Location> block should work. -- In ssl_hook_Access, the code uses sslconn->verify_depth as the "current" verify depth only if non-zero, otherwise falling back to the vhost's verify depth. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
