Hi, I just committed to SVN version 0.9.6 which now implements a new directive, 'CASValidateDepth' (default value: 9 - I believe this is what OpenSSL uses as a default). This should alleviate any problems you are having.
Thanks for the troubleshooting & bug report. If you have any more problems, let me know.

-Phil

On 8/1/07 5:17 PM, "Josh Kelley" <[EMAIL PROTECTED]> wrote:

> Paul Ortman (portman at goshen.edu) wrote:
>
>> I'm attempting to get mod_auth_cas working as a CAS client and can't
>> seem to get it to trust my CAS server (login.goshen.edu). In the
>> Apache error log I get:
>>
>> MOD_AUTH_CAS: Could not perform SSL handshake with
>> login.goshen.edu (check CASCertificatePath), referer:
>> http://wiki.goshen.edu/twiki/bin/view/lib/WebHome
>
> I've been dealing with what I think is a similar issue in our
> deployment. From what I can tell, mod_auth_cas sets an SSL verify
> depth limit of 1, which means that it will refuse to verify chained
> SSL certificates, such as IPS CA returns. I believe this is a bug, so
> I logged it on JIRA:
>
> http://www.ja-sig.org/issues/browse/MAS-2
>
> In the meantime, you can easily fix it by patching mod_auth_cas.c;
> just delete the line
>     SSL_CTX_set_verify_depth(ctx, 1);
>
> Hope that helps.
>
> Josh Kelley
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
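
The depth limit discussed in this thread can be reproduced offline with the `openssl` command-line tool. The script below is an added example, not part of the original messages or of mod_auth_cas: it builds a constructed throw-away chain with two intermediate CAs and verifies the leaf with the two depth values named in the thread, 1 and 9. It assumes `openssl` is on the PATH; all file names and CNs are made up, and two intermediates are used because OpenSSL releases count the depth slightly differently.

```sh
#!/bin/sh
# Constructed throw-away chain: root -> inter1 -> inter2 -> leaf (names are made up).
WORK=$(mktemp -d) || exit 1
cat > "$WORK/cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# issue NAME ISSUER [EXT_SECTION]: make a key and a certificate for NAME,
# signed by ISSUER (self-signed when ISSUER equals NAME).
issue() {
    name=$1; issuer=$2; ext=$3
    openssl req -new -newkey rsa:2048 -nodes -config "$WORK/cnf" \
        -subj "/CN=constructed-$name" -keyout "$WORK/$name.key" \
        -out "$WORK/$name.csr" 2>/dev/null || return 1
    if [ "$name" = "$issuer" ]; then
        signer="-signkey $WORK/$name.key"
    else
        signer="-CA $WORK/$issuer.pem -CAkey $WORK/$issuer.key -CAcreateserial"
    fi
    # $signer is split into words on purpose; assumes the temp path has no spaces.
    openssl x509 -req -days 1 -in "$WORK/$name.csr" $signer \
        ${ext:+-extfile "$WORK/cnf" -extensions "$ext"} \
        -out "$WORK/$name.pem" 2>/dev/null
}

# True when the leaf verifies against the root with the given depth limit.
# The output is parsed because old openssl builds exit 0 even on failure.
verifies_at_depth() {
    openssl verify -verify_depth "$1" -CAfile "$WORK/root.pem" \
        -untrusted "$WORK/untrusted.pem" "$WORK/leaf.pem" 2>&1 | grep -q ': OK$'
}

issue root root v3_ca && issue inter1 root v3_ca &&
    issue inter2 inter1 v3_ca && issue leaf inter2 || exit 1
cat "$WORK/inter1.pem" "$WORK/inter2.pem" > "$WORK/untrusted.pem"

for depth in 1 9; do
    if verifies_at_depth "$depth"; then
        echo "depth $depth: chain verifies"
    else
        echo "depth $depth: chain rejected"
    fi
done
```

Running `openssl verify` the same way against a real server's certificate chain shows whether a configured depth limit is large enough for it.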
