Hi everyone, I'm trying to get apache with mod_proxy and mod_ssl (1.3.12/2.6.4) to verify certificates on remote servers. It would automaticaly accept self-signed certificates which is clearly a vulnerability. I activated SSL_EXPERIMENTAL mode, and the program compiled without incident, but when I try to start httpd it quits. Using gdb I discovered that during the proxy initialization in ssl_ext_mp_init the SSL_CTX_new call returns a null context. Does anyone know what might be causing this problem and if there is any obvious solution? I noticed that the new version of mod_ssl (2.6.6) which came out yesterday has a bugfix relating to the HTTPS proxy experimental code, but the description of the bugfix seems unrelated to my problem. I would appreciate any help, either to get the implementation of mod_ssl working correctly, or to give me some tips as to how I can write my own verification code using the openssl crypto library. Thanks, -Kevin ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
