https://bz.apache.org/bugzilla/show_bug.cgi?id=70003
Bug ID: 70003
Summary: Upcoming changes by CAs might break some Client Certificate Authentication use-cases
Product: Apache httpd-2
Version: 2.4.66
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P2
Component: mod_ssl
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---

Changes by CAs to stop issuing server certificates with the Client
Authentication EKU might break some Client Certificate use-cases.

Our proposal is to introduce a config directive that allows selectively
disabling the purpose check, to allow for a grace period in cases where there is
not enough time to migrate to a proper client certificate PKI.

We have submitted this proposal as a pull request on GitHub:
https://github.com/apache/httpd/pull/632. This would allow continuing with
strict certificate verification while ignoring any issues that arise from the
missing EKU.

There is also a similar pull request that could be helpful for deployments
that do not use strict certificate validation:
https://github.com/apache/httpd/pull/192.

Let me know if you need additional information.
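
An added example, not part of the bug report or of httpd: a stdlib-only Python audit that reads the Extended Key Usage extension from a DER certificate and flags the case the report describes, an EKU that is present but does not list clientAuth. The function names are chosen for this example, and the sample inputs are constructed DER fragments rather than real certificates.

```python
EKU_EXT = "2.5.29.37"              # id-ce-extKeyUsage (RFC 5280)
CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"  # id-kp-clientAuth

def read_tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:              # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the body of a constructed element into (tag, value) members."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(body):
    """Turn OBJECT IDENTIFIER content bytes into dotted notation."""
    subs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:           # high bit clear ends a base-128 subidentifier
            subs, val = subs + [val], 0
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def extended_key_usage(der):
    """Return the EKU OIDs of a DER certificate, or None if it has no EKU."""
    stack = children(der)
    while stack:
        tag, val = stack.pop()
        kids = children(val) if tag & 0x20 else []  # only constructed tags nest
        if kids and kids[0][0] == 0x06 and decode_oid(kids[0][1]) == EKU_EXT:
            _, seq, _ = read_tlv(kids[-1][1], 0)    # extnValue wraps SEQUENCE OF OID
            return [decode_oid(v) for _, v in children(seq)]
        stack.extend(kids)
    return None

def lacks_client_auth(der):
    """True when an EKU extension is present but does not list clientAuth."""
    ekus = extended_key_usage(der)
    return ekus is not None and CLIENT_AUTH not in ekus

# Constructed DER fragments (extensions only), not real certificates.
SERVER_ONLY = bytes.fromhex("3019a317301530130603551d25040c300a06082b06010505070301")
BOTH = bytes.fromhex("3023a321301f301d0603551d250416301406082b0601050507030106082b06010505070302")
NO_EKU = bytes.fromhex("300fa30d300b30090603551d1304023000")
```

For a PEM file, convert the text with `ssl.PEM_cert_to_DER_cert()` first and pass the resulting bytes to `lacks_client_auth`.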