Olaf Gellert wrote:
Dominique Lohez wrote:
You use the directive
Order deny allow
so the deny directives are evaluated before the alow directives
and furthermore every thing which is not denied is allowed
I suggest you should use the
Order Allow, deny directive
so that everything which is not allowed is denied
Thanx for this hint. I changed it to "allow, deny" but
it does not change the result: The server still grants
access to the wrong certificate. Hmmm...
Still don't know what I am doing wrong. Here's my complete
actual config (if someone really would want to look at it)
;-) Seems as if the SSLRequire never comes into effect
(even if I compare the CN with "Foo" instead of "Testuser"
access is allowed)...
In fact the
Allow from localhost
directive should be removed or the test should be carried out from
another host:
Since this directive is matched by the test connection
the other directives are considered and so the SSLRequire directive is
not used
Dominique
--
Dr Dominique LOHEZ
ISEN
41, Bd Vauban
F59046 LILLE
France
Phone : +33 (0)3 20 30 40 71
Email: [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
