Hi Stephen,
It seems that the Extension 'Name Constraints' marked as critical is causing the issue.
What is strange is that openssl can verify the cert, however, it seems that potentially mod_ssl calls openssl differently?
When you say - "Yes X509_V_FLAG_IGNORE_CRITICAL will do it but you may not be able to set that
flag in the Apache config file"
flag in the Apache config file"
Is it possible to tell apache to ignore certain extensions? This possibility had not occured to me & I had assumed modifying openssl would be the only option.
Diarmuid
On 5/27/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote:
On Sat, May 27, 2006, Diarmuid Curtin wrote:
> Thanks,
>
> Is there however a switch / flag just to turn this functionality off?
>
> Unfortunately, I am not very familar with openssl.
>
Yes X509_V_FLAG_IGNORE_CRITICAL will do it but you may not be able to set that
flag in the Apache config file.
What extension is causing the problem? If you aren't sure either post it or
send it ot me privately.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
