[Modules] mod_gnutls "missing a Certificate file!"
Julian Blake Kongslie
jblake at omgwallhack.org
Sun Sep 13 17:32:09 EDT 2009
On Sun, 2009-09-13 at 12:00 +0300, Nikos Mavrogiannopoulos wrote:
> Julian Blake Kongslie wrote:
> > I'm trying to setup an apache 2 server that offers SSL using anonymous
> > DH, and does not offer any certificate at all. Presently, my virtual
> > host configuration is as follows:
> > <VirtualHost *:443>
> > ServerName testbed
> > GnuTLSEnable on
> > GnuTLSPriorities NORMAL:+ANON-DH
> > DocumentRoot /web
> > </VirtualHost>
> > Unfortunately, apache 2 refuses to start, with the error:
> > [GnuTLS] - Host 'testbed:0' is missing a Certificate File!
> > But that, of course, is exactly what I want.
> > If I provide a X.509 certificate to satisfy mod_gnutls, it is delivered
> > to clients, even if I add "-CTYPE-X.509" to the priorities. I can get
> > approximately the right thing by providing an OpenPGP certificate
> > instead - it, too, is sent to clients, but nothing in the world
> > understands it, so it is simply ignored and the connection falls back to
> > ANON-DH mode as I desire.
> > Please tell me there's a better way?
> Don't really think so. I've never considered anon to be the only option
> in mod_gnutls. If you provide a dummy certificate and set -CTYPE-X509
> and -CTYPE-OPENPGP does it do what you expect?
It seems to ignore the -CTYPE-* priorities and offer the dummy
certificate anyway. Which of course causes the client to complain about
the invalid certificate.
-Julian Blake Kongslie
If this is a mailing list, please CC me on replies.
vim: set ft=text :
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 490 bytes
Desc: This is a digitally signed message part
Url : http://lists.outoforder.cc/pipermail/modules/attachments/20090913/319c1766/attachment.bin
More information about the Modules