I have done some more digging and its weirdness. It looks like mod_gnutls does not take the VirtualHost directive into account.
Below is again the configuration of my two virtual hosts. The Subversion server only has a server certificate. The CakePHP virtual host has a server certtificate (in fact, the same one as the subversion server) and requires client-side certification. If the Subversion server is loaded first then neither virtual host will ask for a client certificate. If the CakePHP host is loaded first then *both* virtual hosts will ask for client-side certificates. So, it looks like GnuTLSClientVerify does not take the virtual host into account in the below configuration. Bug? Or is something wrong with my configuration? -- Sander Marechal Lone Wolves Foundation http://www.jejik.com Sander Marechal wrote: > The first one is my Subversion server. > > <VirtualHost *:443> > # SSL using GnuTLS > GnuTLSEnable On > GnuTLSCertificateFile /etc/apache2/ssl/cert.pem > GnuTLSKeyFile /etc/apache2/ssl/key.pem > GnuTLSPriorities PERFORMANCE > > ServerName svn.jejik.com > > LogLevel warn > ErrorLog /var/log/apache2/error.log > CustomLog /var/log/apache2/access.log combined > ServerSignature On > > <Location "/"> > # uninteresting Subversion configuration removed > </Location> > > </VirtualHost> > > The second one is a CakePHP website I'm developing: > > <VirtualHost *:443> > DocumentRoot /home/sander/projects/odf-shots/trunk/server/www > ServerName cakephp.jejik.com > > # SSL using GnuTLS > GnuTLSEnable On > GnuTLSPriorities PERFORMANCE > GnuTLSCertificateFile /etc/apache2/ssl/cert.pem > GnuTLSKeyFile /etc/apache2/ssl/key.pem > GnuTLSClientVerify require > GnuTLSClientCAFile /etc/ssl/certs/cacert.org.pem > > ErrorLog /var/log/apache2/error.log > > # Possible values include: debug, info, notice, warn, error, crit, > # alert, emerg. > LogLevel warn > > CustomLog /var/log/apache2/access.log combined > ServerSignature On > > </VirtualHost> > > Note that the domain cakephp.jejik.com isn't in any DNS record. If you > want to access if for yourself, add "82.95.221.82 cakephp.jejik.com" to > your /etc/hosts file. _______________________________________________ Modules mailing list Modules@lists.outoforder.cc http://lists.outoforder.cc/mailman/listinfo/modules