Mailing List Archive: Apache: Bugs

[Bug 46355] Support to protect multiple resources via x.509 client auth certificates that are issued off different Issuing CAs that are issued off the same Root CA

Index | Next | Previous | View Threaded

bugzilla at apache

Jun 23, 2009, 7:41 AM

Post #1 of 1 (166 views)
Permalink

[Bug 46355] Support to protect multiple resources via x.509 client auth certificates that are issued off different Issuing CAs that are issued off the same Root CA

https://issues.apache.org/bugzilla/show_bug.cgi?id=46355

Joe Orton <jorton[at]redhat.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID

--- Comment #1 from Joe Orton <jorton[at]redhat.com> 2009-06-23 07:41:14 PST ---
It's not possible to do exactly what you're requesting with OpenSSL.

It is technically feasible to simply:

- configure the root CA as SSLCACertificateFile
- in per-directory context, use SSLRequire to check that the client cert is
issued by the appropriate intermediary, by comparing the appropriate field in
the client's issuer DN - SSL_CLIENT_I_DN_*

though there may be deployment issues with that if you are expecting any given
client to have more than one cert.

--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: bugs-help[at]httpd.apache.org

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com