Date: Sat, 19 Dec 2009 21:08:36 +0300
From: Maxim Dounin <mdounin@mdounin.ru>
To: Chris H <chris#@1command.com>
Cc: freebsd-stable@freebsd.org
Subject: Re: SSL appears to be broken in 8-STABLE/RELEASE
Message-ID: <20091219180836.GK43547@mdounin.ru>
In-Reply-To: <bdfefec32f04cf03ea6d08a9096a334e.HRCIM@webmail.1command.com>
References: <f196357e2f75a3f986ab0c4dd04a7697.HRCIM@webmail.1command.com> <20091219101408.GG43547@mdounin.ru> <c92b2b73348fd5c7cd4d2c1f1d027515.HRCIM@webmail.1command.com> <20091219115424.GI43547@mdounin.ru> <bdfefec32f04cf03ea6d08a9096a334e.HRCIM@webmail.1command.com>

Hello!

On Sat, Dec 19, 2009 at 05:23:53AM -0800, Chris H wrote:

[...]

> Indeed. I understand that. In fact my OP (original post) indicated my use was
> in a "vhost" - eg;
> NameVirtualHost host.ip.add.ress:443
> <VirtualHost host.ip.add.ress:443>
> SSLEnable
> SSLVerifyClient (options 0-3;none work)
> SSLRequireSSL
> SSLNoV2
> <IfModule apache_ssl.c>
> SSLCACertificatePath /path/to/ca-file
> SSLCertificateFile /path/to/cert-file
> SSLCertificateKeyFile /path/to/key-file
> </IfModule>
> [...]
> </VirtualHost>

Ah, ok, I've missed syntax you claimed for SSLVerifyClient, but
with this config snippet it's much more clear.

You are using apache-ssl, as in ports/www/apache13-ssl, right? It
indeed seems to require renegotiation even with per-vhost
SSLVerifyClient. No luck, only reverting patch will do the trick.

Apache 2.2 with official mod_ssl works fine with per-vhost
SSLVerifyClient, as well as Apache 1.3 with rse@'s mod_ssl
(ports/www/apache22 and ports/www/apache13-modssl).

Maxim Dounin
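
The quoted vhost written with mod_ssl directives, as an added example that is not part of the original message or of either project's documentation. The address and file paths are the placeholders from the quoted config; the /private location and the verify depth are hypothetical.

```apache
# Added example, not from the original message.
# Address and paths are the placeholders used in the quoted config.
<VirtualHost host.ip.add.ress:443>
    SSLEngine on
    SSLProtocol all -SSLv2

    SSLCertificateFile    /path/to/cert-file
    SSLCertificateKeyFile /path/to/key-file
    # CA bundle used to verify client certificates
    SSLCACertificateFile  /path/to/ca-file

    # Set at vhost level: mod_ssl asks for the client certificate in the
    # initial handshake, so no renegotiation is involved.
    SSLVerifyClient require
    # Hypothetical depth: accept client certs issued directly by the CA above
    SSLVerifyDepth 1

    # By contrast, a per-directory setting is only known after the request
    # has been read, so mod_ssl has to renegotiate to apply it and this form
    # depends on renegotiation being available:
    # <Location /private>
    #     SSLVerifyClient require
    # </Location>
</VirtualHost>
```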