https://issues.apache.org/bugzilla/show_bug.cgi?id=53193
--- Comment #1 from Arnis Ut <[email protected]> --- Created attachment 29622 --> https://issues.apache.org/bugzilla/attachment.cgi?id=29622&action=edit patch Confirmed. When client certificate is requested in server context and GENEROUS'ly verified session is resumed, the SSL_CLIENT_VERIFY will be set to SUCCESS. This is security bug for these who rely on SSL_CLIENT_VERIFY to test whether certificate verification was successful. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
