31314 – SSLVerifyClient does not request client certificate from browser

Bug 31314 - SSLVerifyClient does not request client certificate from browser

Summary: SSLVerifyClient does not request client certificate from browser

Status:	RESOLVED DUPLICATE of bug 12355

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_ssl (show other bugs)
Version:	2.0.51
Hardware:	PC Linux

Importance:	P3 major (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2004-09-20 15:49 UTC by Duane Toler
Modified:	2004-11-16 19:05 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Duane Toler 2004-09-20 15:49:22 UTC

SSLVerifyClient does not request the client certificate from browser.  I tested
2.0.48, 2.0.50 and 2.0.51 to no avail.  The config works properly in v1.3.x

my config:

Alias /secure/ "/var/www/secure/"

<Directory "/var/www/secure">
   Options None
   AllowOverride AuthConfig

   SSLRequireSSL
   SSLVerifyClient optional
   SSLVerifyDepth 2
   SSLOptions +FakeBasicAuth +StdEnvVars +CompatEnvVars \
              +StrictRequire +OptRenegotiate

   Order deny,allow    Deny from all
   Allow from 10.0.1.0/24

   AuthType Basic
   AuthUserFile /etc/htpasswd.secure
   AuthName "Secure Access"
   require valid-user

   Satisfy Any
</Directory>

The premise is to request client certificates if the browser has one.  If not,
then request HTTP 401 Authorization.  In /etc/htpasswd.secure, i have the
complete DN of my certificate and the hash of the word 'password' as per the
mod_ssl documentation (to satisfy mod_auth when using FakeBasicAuth)

Comment 1 Joe Orton 2004-09-22 10:20:13 UTC

Try adding "SSLVerifyClient optional" to the SSL vhost config.  This is probably
bug 12355.

*** This bug has been marked as a duplicate of 12355 ***