https://bz.apache.org/bugzilla/show_bug.cgi?id=61929
Bug ID: 61929
Summary: Configure mod_sll forsend empty distinguished names
list
Product: Apache httpd-2
Version: 2.4.23
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: mod_ssl
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
We use SSLCACertificateFile for client auth and want send empty CA DN names
list because SSLCACertificateFile very large and goto limit for
CertificateRequest <0..2^16-1> (more info about it:
https://github.com/openssl/openssl/issues/4819)
rfc 5246, #section-7.4.4:
certificate_authorities
A list of the distinguished names [X501] of acceptable
certificate_authorities, represented in DER-encoded format. These
distinguished names may specify a desired distinguished name for a
root CA or for a subordinate CA; thus, this message can be used to
describe known roots as well as a desired authorization space. If
the certificate_authorities list is empty, then the client MAY
send any certificate of the appropriate ClientCertificateType,
unless there is some external arrangement to the contrary.
I think need add support empty SSLCADNRequestFile
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
