Bug 1179716 - Your SSL library does not have support for per-directory CA
Summary: Your SSL library does not have support for per-directory CA
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: JBoss Web Server 3
Classification: Retired
Component: httpd
Version: 3.0.0
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
: ---
Assignee: Weinan Li
QA Contact: Libor Fuka
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-01-07 11:52 UTC by Libor Fuka
Modified: 2018-03-26 11:57 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-01-07 13:09:21 UTC


Attachments (Terms of Use)
ssl.conf (9.73 KB, text/plain)
2015-01-07 11:52 UTC, Libor Fuka
no flags Details
httpd.log (260 bytes, text/plain)
2015-01-07 11:52 UTC, Libor Fuka
no flags Details

Description Libor Fuka 2015-01-07 11:52:19 UTC
Created attachment 977222 [details]
ssl.conf

Description of problem:
When I want to use per-directory mod_ssl ca configuration in httpd 2.4 I receive error 'Your SSL library does not have support for per-directory CA' in httpd.log.
httpd.log and ssl.conf attached

Is it expected behaviour in httpd2.4 mod_ssl ?

Comment 1 Libor Fuka 2015-01-07 11:52:47 UTC
Created attachment 977223 [details]
httpd.log

Comment 2 Libor Fuka 2015-01-07 11:53:54 UTC
I found some informations about the same issue here:
BZ 916345

Comment 3 Jean-frederic Clere 2015-01-07 13:09:21 UTC
It is the excepted behaviour.

Comment 4 Paul 2018-03-26 10:02:45 UTC
Jean-frederic Clere, why this should be the excepted behaviour in the first place?

Let's think of this scenario:

I have SSL working on my website (free one, from Let's Encrypt) and on a certain directory I would like to authenticate potential web users through SSL client certificate.

So in my config file, the <Directory> directive it should permit to declare another CA file, my OWN CA file.. not Let's Encrypt CA file, not system CA file, not any other CA file.

My certificate is self signed, so is not needed to be sign/enrolled in a public CA file.

Comment 5 Jean-frederic Clere 2018-03-26 11:57:10 UTC
It must be the excepted behaviour because the CA is associated to the server not to a directory, the CA belongs to a hostname/ip/port not to a location.


Note You need to log in before you can comment on or make changes to this bug.