Paul Ortman (portman at goshen.edu) wrote:
> I'm attempting to get mod_auth_cas working as a CAS client and can't
> seem to get it to trust my CAS server (login.goshen.edu). In the
> Apache error log I get:
>
> MOD_AUTH_CAS: Could not perform SSL handshake with
> login.goshen.edu (check CASCertificatePath), referer:
> http://wiki.goshen.edu/twiki/bin/view/lib/WebHome

I've been dealing with what I think is a similar issue in our deployment. From what I can tell, mod_auth_cas sets an SSL verify depth limit of 1, which means that it will refuse to verify chained SSL certificates, such as IPS CA returns. I believe this is a bug, so I logged it on JIRA:

http://www.ja-sig.org/issues/browse/MAS-2

In the meantime, you can easily fix it by patching mod_auth_cas.c; just delete the line

    SSL_CTX_set_verify_depth(ctx, 1);

Hope that helps.

Josh Kelley
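
The depth limit described in the message above, as an added example (not code from mod_auth_cas or OpenSSL): a small model of chain building that shows why a server certificate issued through an intermediate CA fails at depth 1 while a directly issued one passes. The certificate names are constructed, and the rule that every certificate including the root must sit at a level no greater than the limit is an assumption taken from the behaviour the post describes.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a certificate: names only, no signatures or dates. */
struct cert { const char *subject; const char *issuer; };
enum chain_result { CHAIN_OK, CHAIN_TOO_LONG, CHAIN_ISSUER_NOT_FOUND };

/* Constructed pool: intermediates sent by the peer plus the local trust store. */
static const struct cert pool[] = {
    { "Example Root CA",         "Example Root CA" },
    { "Example Intermediate CA", "Example Root CA" },
};
static const struct cert leaf_direct  = { "login.example.test", "Example Root CA" };
static const struct cert leaf_chained = { "login.example.test", "Example Intermediate CA" };
static const struct cert leaf_orphan  = { "login.example.test", "Unknown CA" };

static const struct cert *find_by_subject(const struct cert *p, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(p[i].subject, name) == 0) return &p[i];
    return NULL;
}

/* Walk leaf -> issuer -> ... -> self-signed root; level 0 is the leaf.
 * Assumed semantics: any certificate at a level above max_depth is rejected.
 * The level check also bounds the walk if the pool contains an issuer loop. */
enum chain_result check_chain(const struct cert *leaf, const struct cert *p,
                              size_t n, int max_depth) {
    const struct cert *cur = leaf;
    for (int level = 0; ; level++) {
        if (level > max_depth) return CHAIN_TOO_LONG;
        if (strcmp(cur->subject, cur->issuer) == 0) return CHAIN_OK; /* root reached */
        cur = find_by_subject(p, n, cur->issuer);
        if (cur == NULL) return CHAIN_ISSUER_NOT_FOUND;
    }
}

int main(void) {
    static const char *msg[] = { "ok", "chain too long", "issuer not found" };
    printf("direct,  depth 1: %s\n", msg[check_chain(&leaf_direct,  pool, 2, 1)]);
    printf("chained, depth 1: %s\n", msg[check_chain(&leaf_chained, pool, 2, 1)]);
    printf("chained, depth 2: %s\n", msg[check_chain(&leaf_chained, pool, 2, 2)]);
    printf("orphan,  depth 2: %s\n", msg[check_chain(&leaf_orphan,  pool, 2, 2)]);
    return 0;
}
```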
