Bug 46897 - SSL Client Verification Errors
Summary: SSL Client Verification Errors
Status: RESOLVED DUPLICATE of bug 45922
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl (show other bugs)
Version: 2.2.11
Hardware: All All
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Depends on:
Reported: 2009-03-23 17:25 UTC by leanmeandonothingmachine
Modified: 2010-04-13 15:39 UTC (History)
0 users

Patch to make optional_no_ca a little more optional (639 bytes, patch)
2009-03-23 17:27 UTC, leanmeandonothingmachine
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description leanmeandonothingmachine 2009-03-23 17:25:48 UTC
Right now when you use SSLVerifyClient optional_no_ca, and the client presents a certificate that is either not ready, expired, or revoked then the handshake fails and the connection is cut. Most of the time it's not really clear to the client why that happened. I'd like to make optional_no_ca a debug sort of option where when one of those problems are encountered, rather than cutting the connection it would continue to serve the request but the SSL_CLIENT_VERIFY would of course be FAILED.
Comment 1 leanmeandonothingmachine 2009-03-23 17:27:08 UTC
Created attachment 23403 [details]
Patch to make optional_no_ca a little more optional
Comment 2 Paul Donohue 2010-04-13 15:39:21 UTC

*** This bug has been marked as a duplicate of bug 45922 ***