[Bug 60186] Adding a SSL Verify directive to accept expired client certificate

bugzilla Tue, 24 Jun 2025 18:57:47 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=60186


Joe Orton <jor...@redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WONTFIX
             Status|NEW                         |RESOLVED

--- Comment #1 from Joe Orton <jor...@redhat.com> ---
I'd treat this as the same as the optional_no_ca issue tracked in bug 60028. I
think it's highly unlikely that we get a strong assurance from the OpenSSL API
that if X509_V_ERR_CERT_HAS_EXPIRED is returned that is the *only* verification
error seen in the chain, so enabling this could plausibly mask some more
serious trust/verify issue.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org

[Bug 60186] Adding a SSL Verify directive to accept expired client certificate

Reply via email to