https://issues.apache.org/bugzilla/show_bug.cgi?id=52874
Kaspar Brand <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Platform|PC |All Version|2.2.3 |2.5-HEAD OS/Version|Linux |All --- Comment #2 from Kaspar Brand <[email protected]> 2012-03-10 06:33:48 UTC --- (In reply to comment #1) > Created attachment 28448 [details] > Patch to incorporate SSLTrustedFirst (On|Off) and the X509 Flag in openssl This patch only includes the changes to OpenSSL, but none for mod_ssl. > Adds support for new Server-wide directive, SSLTrustedFirst, which enables the > ctx->param->flags for openssl's TrustedFirst directive when doing client > verification. If we do this, we'll want to make it a per-vhost directive (same as SSLCACertificateFile and friends). It's too early to consider adding support for this to mod_ssl, however (even for trunk). The X509_V_FLAG_TRUSTED_FIRST verification flag was added to OpenSSL in http://cvs.openssl.org/chngview?cn=19324 and will first appear in 1.1.0, which won't be released that soon, most likely. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
