Re: SSLProxy* directives
Hi, On Tue, Oct 15, 2002 at 06:16:07PM +0200, Maik Mueller wrote: This brings up some questions to me: Why aren't there two options like SSLProxyMachineCertificateFile, SSLProxyMachineKeyFile for separated certificate and key files? Is there a way to provide several certificate/key pairs? Yes, you can either put several key pairs in the file referenced by SSLProxyMachineCertificateFile, or you can use a directory of files (each containing a key pair) with SSLProxyMachineCertificatePath; all files in the specified directory are loaded. If you have configured the origin server to send a list of CA names in the client certificate request, mod_ssl will then try to pick an appropriate client cert which was issued by one of the CA names it receives. (there are some useful debugging messages at SSLLogLevel debug) The Apache documentation (www.apache.org) describes SSLProxy* as part of mod_ssl. Why isn't there any information about SSLProxy* on www.modssl.org? (Probably Ralf Engelschall can explain this.) Is this Apache 2.0 feature available in Apache 1.3 too? Yep, these directives work in mod_ssl/2.8 for Apache 1.3, though were never documented. I think the current documentation of SSLProxyMachineCertificateFile is at least misleading. Yes, it's been cut'n'pasted badly; you could report a documentation bug on that at http://nagoya.apache.org/bugzilla/ Regards, joe -- Joe Orton, Red Hat Europe, Stronghold Engineering __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: SSLProxy* directives
The Apache documentation (www.apache.org) describes SSLProxy* as part of mod_ssl. Why isn't there any information about SSLProxy* on www.modssl.org? (Probably Ralf Engelschall can explain this.) Because nobody wrote it :( I was the one who wrote it for Apache 2, based on some stuff we had for Covalent SSL Is this Apache 2.0 feature available in Apache 1.3 too? I think so, you need to compile with SSL_EXPERIMENTAL flag. But I do not think it worked very well Doug MacEachern rewrote a big part of it to work more cleanly in Apache 2.0 I think the current documentation of SSLProxyMachineCertificateFile is at least misleading. Please correct and submit a patch to [EMAIL PROTECTED] :) Cheers Daniel -- Teach Yourself Apache 2 -- http://apacheworld.org/ty24/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: SSLProxy* directives
On Tue, Oct 15, 2002 at 12:07:56PM -0700, Daniel Lopez wrote: The Apache documentation (www.apache.org) describes SSLProxy* as part of mod_ssl. Why isn't there any information about SSLProxy* on www.modssl.org? (Probably Ralf Engelschall can explain this.) Because nobody wrote it :( I was the one who wrote it for Apache 2, based on some stuff we had for Covalent SSL Is this Apache 2.0 feature available in Apache 1.3 too? I think so, you need to compile with SSL_EXPERIMENTAL flag. But I do not think it worked very well Doug MacEachern rewrote a big part of it to work more cleanly in Apache 2.0 AFAICT the handling of client certs was not functionally changed at all in 2.0, though yes, it has been massively cleaned up (using sensible variable names rather than random collections of letters and all that lovely stuff ;). Regards, joe __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]