On Fri, Feb 26, 1999, GOMEZ Henri wrote:
> I grabbed many parts of ssl_mod to develop an SSL proxy using certificates to
> restrict access to internal resources
> (http://www.multimania.com/jonama/)...
>
> Questions :
>
> 1) It's not clear if SSLCACertificatePath must point to a directory
> with client certs or a directory with well-known CA certs (i.e.
> Thawte/Verisign...).

A dir with known CA certs.

> 2) Does mod_ssl need hash filenames in CAPath since it parses all files in
> the directory?

It parses the files to construct the CA _list_, but
OpenSSL later needs the hash links to _access_ the files.

> 3) When and where is the client certificate verification done in
> mod_ssl?

Inside the function ssl_callback_SSLVerify

> 4) I've got a WebServer certificate from Thawte. Can I use it or modify
> it to sign my own certificates?
>
> 1) Thawte
> 2) my WWW certificate
> 3) my clients certs

You can't modify it after it's signed, of course. But you
theoretically could use it to sign other certs, yes.

Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
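
The point in the answer to question 2, as an added example that is not part of the original thread or of mod_ssl: a directory can be full of parsable CA certificates and still be unusable for lookups if the `<subject-hash>.<n>` links are missing. The function names are hypothetical; the script assumes the `openssl` command-line tool is on the PATH and that the CA certificates are PEM files named `*.pem` or `*.crt`.

```shell
#!/bin/sh
# Check and create the <subject-hash>.<n> links that OpenSSL uses to
# look up CA certificates in a CA path directory (added example).

# Print the subject-name hash of a PEM certificate; fail if unparsable.
cert_hash() {
    openssl x509 -hash -noout -in "$1" 2>/dev/null
}

# Succeed if some <hash>.<n> entry in DIR ($1) has the same content as
# certificate file $2, whose hash is $3.
has_hash_link() {
    for link in "$1/$3".[0-9]*; do
        [ -e "$link" ] || continue
        cmp -s "$link" "$2" && return 0
    done
    return 1
}

# List certificates in DIR ($1) that a hash lookup would not find.
missing_hash_links() {
    for cert in "$1"/*.pem "$1"/*.crt; do
        [ -f "$cert" ] || continue
        hval=$(cert_hash "$cert") || continue   # skip non-certificate files
        has_hash_link "$1" "$cert" "$hval" || basename "$cert"
    done
}

# Create a relative symlink <hash>.<n> for every certificate lacking one,
# taking the first free <n> so same-hash certificates are not overwritten.
make_hash_links() {
    missing_hash_links "$1" | while IFS= read -r name; do
        hval=$(cert_hash "$1/$name") || continue
        n=0
        while [ -e "$1/$hval.$n" ] || [ -L "$1/$hval.$n" ]; do
            n=$((n + 1))
        done
        ln -s "$name" "$1/$hval.$n"
    done
}
```

Running `missing_hash_links` against the directory named by SSLCACertificatePath gives a quick check after adding a CA file; OpenSSL's own `c_rehash` utility builds the same kind of links.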