bugzilla at apache
Jun 23, 2009, 7:41 AM
Views: 171
Permalink
|
|
[Bug 46355] Support to protect multiple resources via x.509 client auth certificates that are issued off different Issuing CAs that are issued off the same Root CA
|
|
https://issues.apache.org/bugzilla/show_bug.cgi?id=46355
Joe Orton <jorton[at]redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
--- Comment #1 from Joe Orton <jorton[at]redhat.com> 2009-06-23 07:41:14 PST ---
It's not possible to do exactly what you're requesting with OpenSSL.
It is technically feasible to simply:
- configure the root CA as SSLCACertificateFile
- in per-directory context, use SSLRequire to check that the client cert is
issued by the appropriate intermediary, by comparing the appropriate field in
the client's issuer DN - SSL_CLIENT_I_DN_*
though there may be deployment issues with that if you are expecting any given
client to have more than one cert.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: bugs-help[at]httpd.apache.org
|
[Bug 46355] Support to protect multiple resources via x.509 client auth certificates that are issued off different Issuing CAs that are issued off the same Root CA