On 2016-11-23 12:36, Eric Covener wrote:
> * I didn't think SSLVerifyClient's data was ever implicitly used in
> lieu of basic auth, this gave me pause in the quoted sentence
> * The thing to look for here would be whether your request triggers an
> SSL renegotiation or not, and if in that 2nd handshake there is a
> certificate request from the server.
> * These configs won't work when TLS1.3 arrives because there is no
> renegotiation.

Why would there be a need for renegotiation? In my scenario SSL is always used. If the client has a cert installed, the cert should be used. Otherwise the standard/basic auth should be used (still over SSL).

What is troubling is the fact that it works in a virtual server context, but not in the directory context.

There are configurations available that either allow you to use a cert or a basic (or 3rd party) auth mechanism. And I'm using them in my virtual server context, but now I want it to work in the directory context as well. It is in the documentation after all. But it is not working and I would like to know why.

Cheers,
K. C.

--
regards Helmut K. C. Tessarek
lookup http://pool.sks-keyservers.net for KeyID 0xC11F128D

/*
   Thou shalt not follow the NULL pointer for chaos and madness
   await thee at its end.
*/
