Hello, > Hi, > > As long as you're still in the SSL handshake phase (checking the client certs etc), you're not able to redirect the client to an error page. In this phase you're not talking HTTP yet.
Thank you for explanation! > > The only way I know to solve this is to allow all clients to pass (by setting SSLClientVerifiy to optional) and passing the result to your webapp (by setting SSLOptions +StdEnvVars) . Than the webapp can decide whether to allow the client in or redirect it to a specific error page. I did it. O works well when client has no cert at all, but when cert exists but expired - I received errors: DNS error on MSIE and I/O error on NS. Error_log contans the following: [error] mod_ssl: Certificate Verification: Error (10): Certificate has expired [error] mod_ssl: SSL handshake failed (server www.host.com:443, client 207.17.47.143) (OpenSSL library error follows) [error] OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned The same result with optional_no_ca. > > Hope this helps, > > Danny > >Hello all, > > > >Is it possible to redirect user with bad cert to other page? > >As I understand, server doesn't return any error code after ssl error on > >expired cert. Therefore, ErrorDocument directive doesn,t work. > > > >Thank You > >Oleg Lebedev > > > > > >______________________________________________________________________ > >Apache Interface to OpenSSL (mod_ssl) www.modssl.org > >User Support Mailing List [EMAIL PROTECTED] > >Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
