RE: Two-way authentication

Wed, 28 Feb 2001 01:03:10 -0800 

Just wanted to know if anyone else was using this option.
Regarding our trouble with two-way authentication; is seems that the server
sometimes freezes, or that it sometimes insists on asking for the user
sertificate (re-negotiation) on every request. There are some keep-alive
problems as well. I really haven't figured out what causes this, so it might
be something un-related to the web server, or perhaps it's just me goofing
it up ;-)
As for CRL handling; there really should be an OCSP option. Some CA's
doesn't publish their CRL's, but makes you look it up on their server. This
means we have to have some sort of 'middle-ware' to do this job.
You seem a little agitated, there. No need to take this personally (unless
it was you who made the thing, of course ;-)
 -Jon
PS: As for prices on commercial CRL software; have you checked ? OK, its not
a million bucks, but it's _expensive_.


> -----Original Message-----
> From: Mads Toftum [SMTP:[EMAIL PROTECTED]]
> Sent: 28. februar 2001 09:58
> To:   [EMAIL PROTECTED]
> Subject:      Re: Two-way authentication
> 
> On Wed, Feb 28, 2001 at 09:41:00AM +0100, John Espen Hetty wrote:
> > 
> > Anyone using it ? ('SSLVerifyClient require')
> 
> Yes.
> 
> > Seems the implementation isn't all that good. The same for CRL handling.
> 
> What are you talking about - except having to restart Apache when loading
> new CRL's, I've had no problems with it. 
> If you don't give a proper problem description, then it is _very_ hard
> to believe that it is anything more than a simple luser error - and
> impossible to fix.
> 
> > It's too bad though. Hate to dish out a million bucks for something
> > commercial that'l do the job.
> > 
> Even if you do insist on buying a commercial product, then there should
> be plenty of options costing somewhat less than $1 mill.
> 
> vh
> 
> Mads Toftum
> -- 
> `Darn it, who spiked my coffee with water?!' - lwall
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to