| Summary: | Configure mod_ssl for send empty distinguished names list | | |
|---|---|---|---|
| Product: | Apache httpd-2 | Reporter: | Aleksandr <aleksgrv> |
| Component: | mod_ssl | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
| Status: | NEW --- | | |
| Severity: | enhancement | | |
| Priority: | P2 | | |
| Version: | 2.4.23 | | |
| Target Milestone: | --- | | |
| Hardware: | PC | | |
| OS: | All | | |

Description
Aleksandr
2017-12-26 07:00:47 UTC
With this same need, we managed to achieve having an empty CA list by commenting out line 873 in modules/ssl/ssl_engine_init.c:

    /* SSL_CTX_set_client_CA_list(ctx, ca_list); */

Quite a bit of a hack.

In HAProxy this is done by the parameter "no-ca-names": https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#5.1-no-ca-names

It also achieves that by wrapping the same statement above in an "if". I believe this should also be added as a parameter in httpd.
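
One way to confirm from the client side whether a server still advertises its client CA names in the TLS CertificateRequest, as an added example that is not part of the original report or of httpd: it parses the text printed by `openssl s_client`. The function names, the sample transcripts, the DNs and the host name are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which CA names a server advertises in its TLS
# CertificateRequest, based on the text `openssl s_client` prints.

# Print one advertised CA distinguished name per line (nothing if none).
ca_names_from_s_client() {
    awk '
        /^Acceptable client certificate CA names/ { in_list = 1; next }
        /^No client certificate CA names sent/    { in_list = 0; next }
        # The DN list ends where the next s_client section starts.
        in_list && /^(---|Client Certificate Types|Requested Signature Algorithms|Shared Requested Signature Algorithms|Peer sign|Server Temp Key)/ { in_list = 0 }
        in_list && NF { print }
    '
}

# Count the advertised CA names read from stdin.
ca_name_count() {
    ca_names_from_s_client | wc -l | tr -d ' '
}

# Constructed sample: a server that advertises two client CAs.
SAMPLE_WITH_NAMES='---
Acceptable client certificate CA names
/C=XX/O=Example Org/CN=Example Client CA 1
/C=XX/O=Example Org/CN=Example Client CA 2
Client Certificate Types: RSA sign, ECDSA sign
---'

# Constructed sample: a server that sends an empty CA list.
SAMPLE_EMPTY='---
No client certificate CA names sent
Client Certificate Types: RSA sign, ECDSA sign
---'

# Against a live server (host is a placeholder):
#   openssl s_client -connect server.example:443 </dev/null 2>/dev/null | ca_name_count
printf 'with list: %s name(s)\n' "$(printf '%s\n' "$SAMPLE_WITH_NAMES" | ca_name_count)"
printf 'empty list: %s name(s)\n' "$(printf '%s\n' "$SAMPLE_EMPTY" | ca_name_count)"
```

A count of 0 is also what a server that requests no client certificate at all produces, so check that client authentication is enabled before reading 0 as "empty list configured".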