Opened 5 years ago

Closed 5 years ago

#5 closed defect (fixed)

Client-side certificates not recognized

Reported by: https://id.mayfirst.org/dkg
Owned by: https://id.mayfirst.org/dkg
Priority: major
Component: code
Version: 5.10
Keywords: client-certificates
Cc:

Description

imported from mantis, at 2011-10-02 macrotex wrote:

I have this configuration in Apache:

<VirtualHost example.com:443>
  GnuTLSEnable On
  GnuTLSPriorities NORMAL:!DHE-RSA:!DHE-DSS:!AES-256-CBC:%COMPAT
  GnuTLSCertificateFile /etc/ssl/certs/mdm-dev1-gnutls.pem
  GnuTLSKeyFile /etc/ssl/private/myserver-dev1.key
  # Client certs CA chain
  GnuTLSClientCAFile /etc/ssl/certs/ca-chain.pem
  GnuTLSExportCertificates On
  GnuTLSClientVerify ignore

  <LocationMatch /device.*/checkin>
     GnuTLSClientVerify require
  </LocationMatch>
</VirtualHost>

I have a client going to this URL and submitting a client certificate (I know it does as I have tested this with mod_ssl and the client certificate gets passed). However, with mod_gnutls no certificate seems to get passed. In particular, the SSL_CLIENT_S_DN environment variable is empty.
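
An application-side guard for the failure described in this report, as an added example that is not part of the original ticket or of mod_gnutls: it refuses requests to the protected path whenever SSL_CLIENT_S_DN arrives empty, so a server-side verification gap fails closed. It assumes the handler runs as a WSGI app that receives Apache's SSL_CLIENT_S_DN in its environ; the names RequireClientDN, demo_app and call are hypothetical.

```python
import re

# Same pattern as the <LocationMatch> block in the reported configuration.
PROTECTED = re.compile(r"/device.*/checkin")


class RequireClientDN:
    """WSGI middleware (hypothetical name): fail closed when a protected
    path is reached without a certificate subject exported by the server."""

    def __init__(self, app, protected=PROTECTED):
        self.app = app
        self.protected = protected

    def __call__(self, environ, start_response):
        path = environ.get("SCRIPT_NAME", "") + environ.get("PATH_INFO", "")
        dn = environ.get("SSL_CLIENT_S_DN", "").strip()
        # LocationMatch uses an unanchored regex, so search() mirrors it.
        if self.protected.search(path) and not dn:
            body = b"client certificate required\n"
            start_response("403 Forbidden", [
                ("Content-Type", "text/plain"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Constructed stand-in for the real check-in handler."""
    subject = environ.get("SSL_CLIENT_S_DN", "anonymous")
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("hello " + subject + "\n").encode()]


def call(app, path, dn=None):
    """Drive the app with a constructed environ; return (status, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if dn is not None:
        environ["SSL_CLIENT_S_DN"] = dn
    seen = {}

    def start_response(status, headers):
        seen["status"] = status

    body = b"".join(app(environ, start_response))
    return seen["status"], body
```
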

Change History (2)

comment:1 Changed 5 years ago by https://id.mayfirst.org/dkg

  • Keywords needs-test added

dash wrote:

Will try to resolve this in the next bugfix or major release.

This seems due to incorrect directory conf parsing/merging, working on a fix.

comment:2 Changed 5 years ago by https://id.mayfirst.org/dkg

  • Keywords needs-test removed
  • Resolution set to fixed
  • Status changed from new to closed

This has a test now, introduced in two parts.

It will be resolved in the next release.
