Mads Toftum wrote:
Just checking - do you have SSLVerifyClient require somewhere else?
SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS" doesn't really add much
(unless you've only got optional with SSLVerifyClient)
I do - in the virtual host the cert is optional, in the protected URL space clients get "forbidden" if no cert is available. Works really well.
In contrast, SSLVerifyCert require throws a weird client error (a dreaded numeric code) on Firefox when the cert was missing, and IE gave it's usual wordy message about some vague problem with the client cert. It seems in the world of browsers, "optional" is handled much better.
Regards, Graham --
smime.p7s
Description: S/MIME Cryptographic Signature
