On Thu, Jan 25, 2001 at 10:40:10AM +0100, Reich, Stefan wrote:
> The problem I have is with client authentication enabled.
>
> Pure SSL works fine, but if I ask for client Certificates, Netscape asks me
> for the certificate to send on each request.
>
> Is this a bug or a feature in Netscape? Is there anyone out there, who works
> with client authentication via certificates too????
There are several possible reasons:
- The session is not reused. For each new session negotiation the client
certificate will be requested again. When session caching is working,
you won't be asked again. It works, I know for sure, I use it myself
- A certificate may also be requested when a re-negotiation takes place.
In OpenSSL, the SSL_VERIFY_CLIENT_ONCE flag controls whether the
client certificate is to be requested again. I am not familiar enough
with the mod_ssl implementation to just answer it blindly, I would have
to work myself through the source.
If you are willing to spend some minutes, get ssldump from
www.rtfm.com/ssldump
It will analyse the the communication for you and probably give you the
right hint on the problem.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
