Date: Thu, 03 Dec 2009 19:16:52 +0200 From: Toomas Aas <toomas.aas@raad.tartu.ee> To: questions@freebsd.org Subject: SA-09-15 vs Apache with client certificates Message-ID: <4B17F284.3000602@raad.tartu.ee>
next in thread | raw e-mail | index | archive | help
Hello!
We have Apache running on FreeBSD 7.2, where among others a SSL virtual
host is defined. One particular subdirectory of this virtual host is
configured to require client certificates, using .htaccess file:
------------------------------------------------
SSLVerifyClient Require
SSLVerifyDepth 3
<FilesMatch "\.(shtml|php)$">
SSLOptions +StdEnvVars +ExportCertData
</FilesMatch>
------------------------------------------------
Do I understand the "NOTE WELL" section of FreeBSD-SA-09:15 correctly that
if I apply the patch then this functionality will no longer work?
The only workaround I can think of is to require client certificates for
the entire vhost, but this is unrealistic to implement. Am I missing any
other options?
--
Toomas Aas
... What are you looking down here for? Read the message!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B17F284.3000602>