Hello! On Sat, Dec 19, 2009 at 05:23:53AM -0800, Chris H wrote:
[...] > Indeed. I understand that. In fact my OP (original post) indicated my use was > in a "vhost" - eg; > NameVirtualHost host.ip.add.ress:443 > <VirtualHost host.ip.add.ress:443> > SSLEnable > SSLVerifyClient (options 0-3;none work) > SSLRequireSSL > SSLNoV2 > <IfModule apache_ssl.c> > SSLCACertificatePath /path/to/ca-file > SSLCertificateFile /path/to/cert-file > SSLCertificateKeyFile /path/to/key-file > </IfModule> > [...] > </VirtualHost> Ah, ok, I've missed syntax you claimed for SSLVerifyClient, but with this config snipped it's much more clear. You are using apache-ssl, as in ports/www/apache13-ssl, right? It indeed seems to require renegotiation even with per-vhost SSLVerifyClient. No luck, only reverting patch will do the trick. Apache 2.2 with official mod_ssl works fine with per-vhost SSLVerifyClient, as well as Apache 1.3 with rse@'s mod_ssl (ports/www/apache22 and ports/www/apache13-modssl). Maxim Dounin _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"