I have done some more digging and it's weirdness. It looks like
mod_gnutls does not take the VirtualHost directive into account.

Below is again the configuration of my two virtual hosts. The Subversion
server only has a server certificate. The CakePHP virtual host has a
server certificate (in fact, the same one as the Subversion server) and
requires client-side certification.

If the Subversion server is loaded first then neither virtual host will
ask for a client certificate. If the CakePHP host is loaded first then
*both* virtual hosts will ask for client-side certificates.

So, it looks like GnuTLSClientVerify does not take the virtual host into
account in the below configuration.

Bug? Or is something wrong with my configuration?

-- 
Sander Marechal
Lone Wolves Foundation
http://www.jejik.com

Sander Marechal wrote:
> The first one is my Subversion server.
> 
> <VirtualHost *:443>
>       # SSL using GnuTLS
>       GnuTLSEnable On
>       GnuTLSCertificateFile /etc/apache2/ssl/cert.pem
>       GnuTLSKeyFile /etc/apache2/ssl/key.pem
>       GnuTLSPriorities PERFORMANCE
> 
>       ServerName svn.jejik.com
> 
>       LogLevel warn
>       ErrorLog /var/log/apache2/error.log
>       CustomLog /var/log/apache2/access.log combined
>       ServerSignature On
> 
>       <Location "/">
>               # uninteresting Subversion configuration removed
>       </Location>
> 
> </VirtualHost>
> 
> The second one is a CakePHP website I'm developing:
> 
> <VirtualHost *:443>
>         DocumentRoot /home/sander/projects/odf-shots/trunk/server/www
>         ServerName cakephp.jejik.com
> 
>       # SSL using GnuTLS
>       GnuTLSEnable On
>       GnuTLSPriorities PERFORMANCE
>       GnuTLSCertificateFile /etc/apache2/ssl/cert.pem
>       GnuTLSKeyFile /etc/apache2/ssl/key.pem
>       GnuTLSClientVerify require
>       GnuTLSClientCAFile /etc/ssl/certs/cacert.org.pem
> 
>         ErrorLog /var/log/apache2/error.log
> 
>         # Possible values include: debug, info, notice, warn, error, crit,
>         # alert, emerg.
>         LogLevel warn
> 
>         CustomLog /var/log/apache2/access.log combined
>         ServerSignature On
> 
> </VirtualHost>
> 
> Note that the domain cakephp.jejik.com isn't in any DNS record. If you
> want to access it for yourself, add "82.95.221.82 cakephp.jejik.com" to
> your /etc/hosts file.
_______________________________________________
Modules mailing list
Modules@lists.outoforder.cc
http://lists.outoforder.cc/mailman/listinfo/modules
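
An added example, not part of the original message or of mod_gnutls: a configuration audit that flags TLS virtual hosts sharing one listen address while declaring different GnuTLSClientVerify modes, which is the combination described in the message above. The function names, the constructed sample, and the treatment of an unset GnuTLSClientVerify as `ignore` are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample mirroring the two virtual hosts quoted in the message.
SAMPLE = """\
<VirtualHost *:443>
    GnuTLSEnable On
    ServerName svn.jejik.com
    <Location "/">
    </Location>
</VirtualHost>
<VirtualHost *:443>
    ServerName cakephp.jejik.com
    GnuTLSEnable On
    GnuTLSClientVerify require
    GnuTLSClientCAFile /etc/ssl/certs/cacert.org.pem
</VirtualHost>
"""

def parse_vhosts(text):
    """Return one dict per <VirtualHost> block (address, name, TLS flag, verify mode)."""
    vhosts, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            # Assumption: an unset GnuTLSClientVerify means "ignore".
            cur = {"addr": opened.group(1).strip(), "name": None,
                   "tls": False, "verify": "ignore"}
        elif line.lower() == "</virtualhost>" and cur is not None:
            vhosts.append(cur)
            cur = None
        elif cur is not None and not line.startswith("#"):
            # Directive names are case-insensitive; nested sections are ignored.
            key, val = (line.split(None, 1) + ["", ""])[:2]
            key, val = key.lower(), val.strip()
            if key == "servername":
                cur["name"] = val
            elif key == "gnutlsenable":
                cur["tls"] = val.lower() == "on"
            elif key == "gnutlsclientverify":
                cur["verify"] = val.lower()
    return vhosts

def mixed_client_verify(vhosts):
    """Group TLS vhosts by listen address; report groups whose verify modes differ."""
    groups = defaultdict(dict)
    for v in vhosts:
        if v["tls"]:
            groups[v["addr"]][v["name"]] = v["verify"]
    return {a: g for a, g in groups.items() if len(set(g.values())) > 1}
```

Each address it reports is a group of name-based hosts whose client-certificate behaviour is worth confirming by connecting to every ServerName and checking whether a certificate is actually requested.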
