On 12/06/2009 06:19 PM, Ricky Burgin wrote: > Hello all, > > I've heard about the recent vulnerability regarding SSL renegotiations > and from what I can tell, it seems to have broken the usage of > SSLVerifyClient inside a httpd <Directory> directive. > > I'm trying to get Apache to verify client certificates, but only for a > specific directory on my website, yet it only seems to kick in and work > if I do it inside the <VirtualHost> directive, but not inside a > <Directory> directive. > > I'm going by the examples presented on > http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html#arbitraryclients yet > they seem to suffer from the exact same issue. > > Any help would be appreciated.
I cannot confirm this. Please post to the users list and provide the configuration and the issues you faced. Regards RĂ¼diger
