Opened 10 years ago

Closed 10 years ago

#5 closed defect (fixed)

Client-side certificates not recognzied

Reported by: Daniel Kahn Gillmor Owned by: Daniel Kahn Gillmor
Priority: major Component: code
Version: 5.10 Keywords: client-certificates


imported from mantis, at 2011-10-02 macrotex wrote:

I have this configuration in Apache:

  GnuTLSEnable On
  GnuTLSCertificateFile /etc/ssl/certs/mdm-dev1-gnutls.pem
  GnuTLSKeyFile /etc/ssl/private/myserver-dev1.key
  # Client certs CA chain
  GnuTLSClientCAFile /etc/ssl/certs/ca-chain.pem
  GnuTLSExportCertificates On
  GnuTLSClientVerify ignore

  <LocationMatch /device.*/checkin>
     GnuTLSClientVerify require

I have a client going to this URL and submitting a client certificate (I know it does as I have tested this with mod_ssl and the client certificate gets passed). However, with mod_gnutls no certificate seems to get passed. In particular, the SSL_CLIENT_S_DN environment variable is empty.

Change History (2)

comment:1 Changed 10 years ago by Daniel Kahn Gillmor

Keywords: needs-test added

dash wrote:

Will try resolve this in the Next bugfix or major release.

This seems due to incorrect directory conf parsing/merging, working on a fix.

comment:2 Changed 10 years ago by Daniel Kahn Gillmor

Keywords: needs-test removed
Resolution: fixed
Status: newclosed

This has a test now, introduced in two parts.

it will be resolved in the next release.

Note: See TracTickets for help on using tickets.