Re: TLS renegotiation

From: Emmanuel Dreyfus (manunetbsd.org)
Date: Sun Jul 04 2010 - 13:34:36 CDT


Thor Lancelot Simon <tlspanix.com> wrote:

> > Another problem is how to work around the workaround. As I understand,
> > client certificate authentication requires renegotiation if it is not
> > enabled server-wide: in that situation, the SSL handshake occurs, then
> > the client requests a resource requiring a client certificate, and the
> > server starts a renegotiation so that the client can send its
> > certificate.
>
> This is, to say the least, a particularly obnoxious abuse of SSL's
> renegotiation "feature". It also simply won't work with a surprisingly
> large number of clients, because many small SSL/TLS implementations never
> implemented renegotiation at all.

It used to work with Firefox; I would like to get client cert
authentication working again. Even without renegotiation, since, as I
understood it, that is how it should work if the client cert is requested
<VirtualHost>-wide.

--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manunetbsd.org
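The two placements of the client-certificate requirement that the message contrasts, written out as an Apache httpd mod_ssl configuration. This is an added example and not part of the original post; the hostname, certificate paths and the protected location are placeholders, and the two <VirtualHost> blocks are alternatives to choose between, not meant to be loaded together.

```apache
# Added example (not from the post). Hostname, paths and /private are
# placeholders.

# 1. Per-resource: SSLVerifyClient inside <Location> can only take effect
#    once the request URI is known, i.e. after the TLS handshake has already
#    completed. mod_ssl therefore has to renegotiate the established session
#    to ask the browser for its certificate, which is exactly the step that
#    breaks once renegotiation is disabled on either side.
<VirtualHost *:443>
    ServerName www.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.org.pem
    SSLCertificateKeyFile /etc/ssl/private/www.example.org.key
    SSLCACertificateFile  /etc/ssl/certs/client-ca.pem

    <Location /private>
        SSLVerifyClient require
        SSLVerifyDepth  2
    </Location>
</VirtualHost>

# 2. <VirtualHost>-wide: SSLVerifyClient at the virtual host level is known
#    before the handshake starts, so the CertificateRequest is sent in the
#    initial handshake and no renegotiation is needed.
<VirtualHost *:443>
    ServerName www.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.org.pem
    SSLCertificateKeyFile /etc/ssl/private/www.example.org.key
    SSLCACertificateFile  /etc/ssl/certs/client-ca.pem
    SSLVerifyClient require
    SSLVerifyDepth  2
</VirtualHost>
```

The cost of the second form is that every request to that virtual host, public pages included, now demands a certificate. The usual way to keep some content anonymous without renegotiating is to serve the certificate-protected content from its own virtual host (a separate name or port) where SSLVerifyClient is set host-wide.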