optional_no_ca

Janus Liebregts Tue, 31 Oct 2000 04:08:25 -0800
Hi,

I try to upgrade my modssl from:
Apache/1.3.6 (Unix) mod_ssl/2.3.11 OpenSSL/0.9.3a

to:
Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6

but the nice feature optional_no_ca doesn't work anymore.
Some nice scripts (e.g. show every presented certificate:
https://sslap.wind.surfnet.nl:8889/cgi-bin/viewcert.pl )

doesn't work on mod_ssl/2.3.11, it requires me to present the
SSLCACertificatePath or SSLCACertificateFile for accepting a
certificate.

I saw that also the modssl-test on
https://www.modssl.org/example/test.phtml doesn't show the client
certificate anymore.

I have included the old working configuration

<VirtualHost _default_:8889>
DocumentRoot /usr/local/httpsd/htdocs
ServerName sslap.wind.surfnet.nl
ServerAdmin [EMAIL PROTECTED]
ErrorLog /usr/local/httpsd/logs/error_log
TransferLog /usr/local/httpsd/logs/access_log
SSLEngine on
SSLCertificateFile    /usr/local/httpsd/conf/ssl.crt/sslap.crt
SSLCertificateKeyFile /usr/local/httpsd/conf/ssl.key/sslap.key.unsecure
#SSLCACertificatePath    /usr/local/httpsd/conf/ssl.crt
#SSLCACertificateFile   
/usr/local/httpsd/conf/ssl.crt/testca-mayjune99.crt
SSLVerifyClient optional_no_ca
SSLVerifyDepth  10

SSLOptions +ExportCertData 
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /usr/local/httpsd/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

regards,
Janus Liebregts
SURFnet
S/MIME Cryptographic Signature
optional_no_ca

Reply via email to
