Ideally, we should be verifying for a failed Client authentication soon after a SSL_accept, and a connection closed accordingly. The stuff that's being done in ssl_hook_Access is mostly to ensure that the certificate has proper permissions to access that location. It's mostly concerned with the "SSLRequire" parameter.

Thanks
-Madhu

-----Original Message-----
From: Doug MacEachern [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 22, 2001 10:56 AM
To: '[EMAIL PROTECTED]'
Subject: Re: [PATCH] mod_SSL with Client Authentication

On Tue, 21 Aug 2001, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:

> Hi,
> I've enabled Client Auth in mod_ssl. The change is pretty simple -
> the only thing that was to be done was to verify if the return value of a
> SSL handshake had given an error. (Most part of the code was borrowed from
> the existing logic in ssl_engine_kernel.c).

client auth is enabled/working in ssl_hook_Access, do you know why it
needs to be implemented here as well? i realize the 1.x code does this
too, is it to avoid re-negotiation? i guess that would make sense
performance wise. i'll take a closer look at your patch soon.

RE: [PATCH] mod_SSL with Client Authentication
MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) Wed, 22 Aug 2001 10:47:40 -0700
