[4222] in WWW Security List Archive
Apache-SSL Access Control
daemon@ATHENA.MIT.EDU (Jorge Figueiredo)
Fri Jan 31 12:05:00 1997
Date: Fri, 31 Jan 1997 15:02:30 +0000
To: www-security@ns2.rutgers.edu
From: Jorge Figueiredo <jf@porto.ucp.pt>
Errors-To: owner-www-security@ns2.rutgers.edu
My problem is this:
I am running an Apache-SSL server,
I want to let new visitors access some pages in my server without having to
present a
certificate, for example the pages where they ask for one. On the other
hand, I want to have directories where only certified clients are allowed.
If I set SSLVerifyClient to 2 and use SSLFakeBasicAuth the part of allowing
only certified clients works great, but clients without certificate can't
get to ask for one. If set SSLVerifyClient to 1 it works just like set to 2,
not allowing uncertified clients. If I set SSLVerifyClient to 0 it allows
uncertified clients to ask for their certificate, but SSLFakeBasicAuth
doens't works because the client never presents it's certificate to the server!
Do you have any ideia?
Thanks,
Jorge
