Bug 46897

Summary: SSL Client Verification Errors
Product: Apache httpd-2 Reporter: leanmeandonothingmachine
Component: mod_sslAssignee: Apache HTTPD Bugs Mailing List <bugs>
Severity: normal    
Priority: P2    
Version: 2.2.11   
Target Milestone: ---   
Hardware: All   
OS: All   
Attachments: Patch to make optional_no_ca a little more optional

Description leanmeandonothingmachine 2009-03-23 17:25:48 UTC
Right now when you use SSLVerifyClient optional_no_ca, and the client presents a certificate that is either not ready, expired, or revoked then the handshake fails and the connection is cut. Most of the time it's not really clear to the client why that happened. I'd like to make optional_no_ca a debug sort of option where when one of those problems are encountered, rather than cutting the connection it would continue to serve the request but the SSL_CLIENT_VERIFY would of course be FAILED.
Comment 1 leanmeandonothingmachine 2009-03-23 17:27:08 UTC
Created attachment 23403 [details]
Patch to make optional_no_ca a little more optional
Comment 2 Paul Donohue 2010-04-13 15:39:21 UTC

*** This bug has been marked as a duplicate of bug 45922 ***