bugzilla at apache
Jun 24, 2009, 8:29 AM
Post #1 of 6
(648 views)
Permalink
|
|
[Bug 47329] SSLCADNRequest* & SSLCACertificate* silently do not work with 'Trusted' certificates
|
|
https://issues.apache.org/bugzilla/show_bug.cgi?id=47329
tlhackque [at] yahoo changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|SSLCADNRequest* & |SSLCADNRequest* &
|SSLCACertificate* |SSLCACertificate* silently
|defficiency |do not work with 'Trusted'
| |certificates
--- Comment #2 from tlhackque [at] yahoo 2009-06-24 08:29:35 PST ---
The more I think about this, the more convinced I become that an error message
(or a fix) is required.
The user is supplying a valid certificate that httpd is not able to process.
Httpd doesn't behave as expected.
I lived without the correct information being sent to by clients' browsers for
several years (yes, years) until I was finally able to get traces showing that
the valid CA messages weren't being sent. It was particularly confusing as an
administrator, as when using SSLCACertificate*, the certificate was used
correctly by httpd for one purpose, but not for another. And of course, it
only really impacts clients with more than one certificate to send...
While the documentation should be improved, I don't think that's sufficient.
Arguably this can be pushed upstream to OpenSSL, as HTTPD seems to just pass
the filename along. Or HTTPD can validate the certificate itself. But
someone, somewhere in the chain needs to detect this error, and httpd needs to
ultimately report it. Silently ignoring a valid certificate isn't acceptable.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe [at] httpd
For additional commands, e-mail: bugs-help [at] httpd
|
