Remo Tabanelli wrote:
>
> On Fri, 10 Apr 1998, Giovanni Tomassini wrote:
>
> > Why? I have 2 CA: the one made with SSLeay and one made with Certificate
> > Server by Microsoft. I create Certificates that are installed both on
> > Netscape and Microsoft browsers, and i have an apache-ssl server and a IIS 4
> > server both with their "respective" server certificate and IIS4 authenticate
> > the SSLeay client certificates while apache shut down the connection with
> > IE401and any client certificate, but accept Netscape client certificate made
> > both with SSLeay or MS Certificate Server. Damn!
>
> not really true......... do this.....
>
> find in apache_ssl.c until you reach:
>
> #if SSLEAY_VERSION_NUMBER >= 0x0800
> SSL_CTX_set_tmp_rsa_callback(pConfig->pSSLCtx,TmpRSACallback);
> #endif
>
> and change it to:
>
> #if SSLEAY_VERSION_NUMBER >= 0x0800
> SSL_CTX_set_tmp_rsa_callback(pConfig->pSSLCtx,TmpRSACallback);
> SSL_CTX_set_client_CA_list(pConfig->pSSLCtx,SSL_load_client_CA_file(pConfig->szC
> ACertificateFile));
> #endif
This code is in the current Apache-SSL, and has been since 1.13.
Cheers,
Ben.
--
Ben Laurie |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant |Fax: +44 (181) 735 0689|http://www.apache.org
and Technical Director|Email: [EMAIL PROTECTED] |
A.L. Digital Ltd, |Apache-SSL author http://www.apache-ssl.org/
London, England. |"Apache: TDG" http://www.ora.com/catalog/apache
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
