https://issues.apache.org/bugzilla/show_bug.cgi?id=56073
Kaspar Brand <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Hardware|PC |All Resolution|--- |INVALID OS|Linux |All --- Comment #1 from Kaspar Brand <[email protected]> --- (In reply to hanno from comment #0) > Either SSLCertificateChainFile should accept empty files as an argument > (which could also be /dev/null) or there should be another way to set it to > "empty". It's not obvious but there is actually such a way: create a non-zero size file which does not include any BEGIN/END CERTIFICATE block. This will get you past the "does not exist or is empty" check, and ssl_engine_init.c:ssl_init_ctx_cert_chain() will simply skip the configuration of a chain, as it will receive zero certs when reading from such a dummy file. That being said, I have just proposed a backport of what I consider a more systematic way of configuring certificate chains in 2.4.x - see r1562500. It was added to trunk about a month ago, and while it will no longer allow setting a global SSLCertificateChainFile, it has the advantage of being able to configure per-certificate chains when multi-algorithm certs are configured (needs OpenSSL 1.0.2). -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
