Bug 1179716
Summary: | Your SSL library does not have support for per-directory CA | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Retired] JBoss Web Server 3 | Reporter: | Libor Fuka <lfuka> | ||||||
Component: | httpd | Assignee: | Weinan Li <weli> | ||||||
Status: | CLOSED NOTABUG | QA Contact: | Libor Fuka <lfuka> | ||||||
Severity: | high | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | 3.0.0 | CC: | jclere, jdoyle, mbabacek, mhasko, mturk, paul | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | x86_64 | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2015-01-07 13:09:21 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Created attachment 977223 [details]
httpd.log
I found some informations about the same issue here: BZ 916345 It is the excepted behaviour. Jean-frederic Clere, why this should be the excepted behaviour in the first place? Let's think of this scenario: I have SSL working on my website (free one, from Let's Encrypt) and on a certain directory I would like to authenticate potential web users through SSL client certificate. So in my config file, the <Directory> directive it should permit to declare another CA file, my OWN CA file.. not Let's Encrypt CA file, not system CA file, not any other CA file. My certificate is self signed, so is not needed to be sign/enrolled in a public CA file. It must be the excepted behaviour because the CA is associated to the server not to a directory, the CA belongs to a hostname/ip/port not to a location. |
Created attachment 977222 [details] ssl.conf Description of problem: When I want to use per-directory mod_ssl ca configuration in httpd 2.4 I receive error 'Your SSL library does not have support for per-directory CA' in httpd.log. httpd.log and ssl.conf attached Is it expected behaviour in httpd2.4 mod_ssl ?