[Modules] mod_gnutls "missing a Certificate file!"
Nikos Mavrogiannopoulos
nmav at gnutls.org
Sun Sep 13 05:00:54 EDT 2009
Julian Blake Kongslie wrote:
> I'm trying to setup an apache 2 server that offers SSL using anonymous
> DH, and does not offer any certificate at all. Presently, my virtual
> host configuration is as follows:
>
> <VirtualHost *:443>
> ServerName testbed
> GnuTLSEnable on
> GnuTLSPriorities NORMAL:+ANON-DH
> DocumentRoot /web
> </VirtualHost>
>
> Unfortunately, apache 2 refuses to start, with the error:
> [GnuTLS] - Host 'testbed:0' is missing a Certificate File!
>
> But that, of course, is exactly what I want.
>
> If I provide a X.509 certificate to satisfy mod_gnutls, it is delivered
> to clients, even if I add "-CTYPE-X.509" to the priorities. I can get
> approximately the right thing by providing an OpenPGP certificate
> instead - it, too, is sent to clients, but nothing in the world
> understands it, so it is simply ignored and the connection falls back to
> ANON-DH mode as I desire.
> Please tell me there's a better way?
Don't really think so. I've never considered anon to be the only option
in mod_gnutls. If you provide a dummy certificate and set -CTYPE-X509
and -CTYPE-OPENPGP does it do what you expect?
regards,
Nikos
More information about the Modules
mailing list