[Modules] mod_gnutls "missing a Certificate file!"

Julian Blake Kongslie jblake at omgwallhack.org
Sat Sep 12 01:38:38 EDT 2009


I'm trying to setup an apache 2 server that offers SSL using anonymous
DH, and does not offer any certificate at all. Presently, my virtual
host configuration is as follows:

  <VirtualHost *:443>
    ServerName testbed
    GnuTLSEnable on
    GnuTLSPriorities NORMAL:+ANON-DH
    DocumentRoot /web
  </VirtualHost>

Unfortunately, apache 2 refuses to start, with the error:
  [GnuTLS] - Host 'testbed:0' is missing a Certificate File!

But that, of course, is exactly what I want.

If I provide a X.509 certificate to satisfy mod_gnutls, it is delivered
to clients, even if I add "-CTYPE-X.509" to the priorities. I can get
approximately the right thing by providing an OpenPGP certificate
instead - it, too, is sent to clients, but nothing in the world
understands it, so it is simply ignored and the connection falls back to
ANON-DH mode as I desire.

Please tell me there's a better way?

--
-Julian Blake Kongslie 
If this is a mailing list, please CC me on replies.

vim: set ft=text :
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
Url : http://lists.outoforder.cc/pipermail/modules/attachments/20090911/3653925e/attachment.bin 


More information about the Modules mailing list