Yup.. you're right. That's the reason why the client certificate parameters are maintained in the connection context - so that when an access check is being performed, a renegotiation is not triggered (again)..

Another TODO item in the modules/ssl/README file can be removed :
 o Remember the Peer Certificate parameters.

Thanks
-Madhu

-----Original Message-----
From: Doug MacEachern [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 22, 2001 12:54 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [PATCH] mod_SSL with Client Authentication

On Wed, 22 Aug 2001, MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) wrote:

> Ideally, we should be verifying for a failed Client authentication soon
> after a SSL_accept, and a connection closed accordingly.

ok, that's in, thanks.

> The stuff that's being done in ssl_hook_Access is mostly to ensure that the
> certificate has proper permissions to access that location. It's mostly
> concerned with the "SSLRequire" parameter.

also for per-location client auth (SSLVerify*). it would also handle per-server SSLVerify too, but triggers renegotiation, which it shouldn't now with your patch in.
RE: [PATCH] mod_SSL with Client Authentication
MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1) Wed, 22 Aug 2001 13:05:04 -0700
