[Issues] [mod_gnutls 0000085]: Client verify X.509 authentication doesn't work
Mantis Bug Tracker
issues at outoforder.cc
Fri Apr 18 08:50:57 EDT 2008
A NOTE has been added to this issue.
======================================================================
http://issues.outoforder.cc/view.php?id=85
======================================================================
Reported By: szollosi
Assigned To:
======================================================================
Project: mod_gnutls
Issue ID: 85
Category: Apache Integration
Reproducibility: always
Severity: block
Priority: normal
Status: feedback
Apache Version: 2.2.3
======================================================================
Date Submitted: 2008-04-15 13:39 EDT
Last Modified: 2008-04-18 08:50 EDT
======================================================================
Summary: Client verify X.509 authentication doesn't work
Description:
Client verify X.509 authentication doesn't work. my virtualhost's gnutls
settings:
GnuTLSEnable on
GnuTLSPriorities NORMAL
GNUTLSExportCertificates on
GnuTLSCertificateFile /etc/apache2/ssl/server.crt
GnuTLSKeyFile /etc/apache2/ssl/server.key
GnuTLSClientVerify require
GnuTLSClientCAFile /etc/apache2/ssl/cacert.pem
======================================================================
----------------------------------------------------------------------
(0000109) nmav (manager) - 2008-04-18 01:30
http://issues.outoforder.cc/view.php?id=85#c109
----------------------------------------------------------------------
Well saying doesn't work, it does not help me in any way. I can reply, it
works for me. What is it that it makes you think it does work? Do you get
any error messages? What happens to the client?
----------------------------------------------------------------------
(0000110) nmav (manager) - 2008-04-18 01:31
http://issues.outoforder.cc/view.php?id=85#c110
----------------------------------------------------------------------
More feedback is required. Client authentication works in the test servers.
----------------------------------------------------------------------
(0000114) szollosi (reporter) - 2008-04-18 08:50
http://issues.outoforder.cc/view.php?id=85#c114
----------------------------------------------------------------------
sorry. OK.
i examine the situation, i found 2 problem.
the first problem is: i have more client certificate in the certificate
manager. with mod_ssl, the client sends the right certificate to the
server, with mod_gnutls the client sends bad certificate, but when i
select the right certificate manually the authentication was done right.
the client is iceweasel (firefox) 2.0.0.12.
the second problem is really a feature request: with mod_ssl i can use
SSLUserName SSL_CLIENT_S_DN_CN settings, so i can use
$_SERVER['REMOTE_USER'] variable in my php authentication code.
thanks!
Issue History
Date Modified Username Field Change
======================================================================
2008-04-15 13:39 szollosi New Issue
2008-04-15 13:39 szollosi Apache Version => 2.2.3
2008-04-18 01:30 nmav Note Added: 0000109
2008-04-18 01:31 nmav Note Added: 0000110
2008-04-18 01:31 nmav Status new => feedback
2008-04-18 08:50 szollosi Note Added: 0000114
======================================================================
More information about the Issues
mailing list