On Sat, Aug 18, 2012 at 09:00:00AM +0200, Kaspar Brand wrote: > On 17.8.12 13:59, [email protected] wrote: > > @@ -1412,6 +1421,8 @@ static void ssl_init_proxy_certs(server_ > > ssl_die(s); > > } > > > > + /* ### Why is all the following done? Why is it necessary or > > + * useful for the server to try to verify its own client cert? */ > > It's the somewhat surprising way to let OpenSSL build the chain of the > client cert, cf. > > http://mail-archives.apache.org/mod_mbox/httpd-dev/201109.mbox/%[email protected]%3E > http://mail-archives.apache.org/mod_mbox/httpd-dev/201109.mbox/%[email protected]%3E > http://mail-archives.apache.org/mod_mbox/httpd-dev/201109.mbox/%[email protected]%3E
Ah, I see. Thanks Kaspar. I've updated the comment. Regards, Joe
