Bug 1179716

Summary: Your SSL library does not have support for per-directory CA
Product: [Retired] JBoss Web Server 3
Component: httpd
Version: 3.0.0
Status: CLOSED NOTABUG
Severity: high
Priority: unspecified
Reporter: Libor Fuka <lfuka>
Assignee: Weinan Li <weli>
QA Contact: Libor Fuka <lfuka>
CC: jclere, jdoyle, mbabacek, mhasko, mturk, paul
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Type: Bug
Last Closed: 2015-01-07 13:09:21 UTC
Attachments: ssl.conf (flags: none), httpd.log (flags: none)

Description Libor Fuka 2015-01-07 11:52:19 UTC
Created attachment 977222: ssl.conf

Description of problem:
When I want to use a per-directory mod_ssl CA configuration in httpd 2.4, I receive the error 'Your SSL library does not have support for per-directory CA' in httpd.log.
httpd.log and ssl.conf are attached.

Is this the expected behaviour in httpd 2.4 mod_ssl?

Comment 1 Libor Fuka 2015-01-07 11:52:47 UTC
Created attachment 977223: httpd.log

Comment 2 Libor Fuka 2015-01-07 11:53:54 UTC
I found some information about the same issue here:
BZ 916345

Comment 3 Jean-frederic Clere 2015-01-07 13:09:21 UTC
It is the expected behaviour.

Comment 4 Paul 2018-03-26 10:02:45 UTC
Jean-frederic Clere, why should this be the expected behaviour in the first place?

Let's think of this scenario:

I have SSL working on my website (a free certificate, from Let's Encrypt), and on a certain directory I would like to authenticate potential web users through an SSL client certificate.

So in my config file, the <Directory> directive should permit declaring another CA file, my OWN CA file... not the Let's Encrypt CA file, not the system CA file, not any other CA file.

My certificate is self-signed, so it does not need to be signed/enrolled in a public CA file.

Comment 5 Jean-frederic Clere 2018-03-26 11:57:10 UTC
It must be the expected behaviour because the CA is associated with the server, not with a directory; the CA belongs to a hostname/IP/port, not to a location.
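
A configuration sketch for the scenario in Comment 4 under the constraint stated in Comment 5: the client CA is declared once for the virtual host, and only verification and authorization are scoped to the directory. This is an added example, not taken from the attached ssl.conf or from any commenter; the hostname, file paths and CA common name are placeholders.

```apache
# Constructed example; hostname, paths and the CA common name are placeholders.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on

    # Server identity: certificate issued by a public CA (e.g. Let's Encrypt).
    SSLCertificateFile    /etc/pki/tls/certs/www.example.com-fullchain.pem
    SSLCertificateKeyFile /etc/pki/tls/private/www.example.com.key

    # Trust anchors used to verify CLIENT certificates. Declared at virtual
    # host level; this does not affect the chain the server itself presents.
    SSLCACertificateFile  /etc/pki/tls/certs/my-own-client-ca.pem

    # No client certificate is requested for the site as a whole.
    SSLVerifyClient none

    <Directory "/var/www/html/private">
        # Placing the CA here produces the error from this report:
        # SSLCACertificateFile /etc/pki/tls/certs/my-own-client-ca.pem

        # Per-directory: require a client certificate that chains to the
        # CA file configured for the virtual host above.
        SSLVerifyClient require
        SSLVerifyDepth  1

        # Authorize only certificates issued by the private CA, so access
        # stays restricted if further CAs are added to the virtual host later.
        <RequireAll>
            Require ssl-verify-client
            Require expr %{SSL_CLIENT_I_DN_CN} == 'My Own Client CA'
        </RequireAll>
    </Directory>
</VirtualHost>
```

Per-directory SSLVerifyClient makes mod_ssl request the certificate after the initial handshake (renegotiation, or post-handshake authentication under TLS 1.3), which not every client supports. A dedicated virtual host with SSLVerifyClient set at server level avoids that.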