On Fri, May 28, 1999, Andrea e Luca Giacobazzi wrote:
> SSLRequireSSL doesn't work properly on my server because, with that follow
> configuration directives, I can access secure_area also without SSL, from
> the port 2000 with http.
> Also SSLRequire with SSL_CLIENT_CN doesn't work, the access is ever
> forbidden.
> Any idea ?
> Thanks in advance.
>
> >From httpd.conf:
> <Directory /home/giacob/src/work_ocsp/apache/htdocs/secure_area>
> SSLRequireSSL
> SSLVerifyClient require
> SSLVerifyDepth 10
> SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars
> SSLRequire %{SSL_CLIENT_CN} eq "Massimiliano Pala"
> </Directory>
Oh, and BTW: Is this also with "SSLOptions +StrictRequire"? I ask because I
know you're fiddling with the auth stuff yourself because of your own
patches... perhaps your auth stuff conflicts here. Have you tried this with a
plain Apache+mod_ssl+OpenSSL (i.e. without any of your OCSP patches)?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
