Bug 1179716 - Your SSL library does not have support for per-directory CA
Summary: Your SSL library does not have support for per-directory CA
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: JBoss Web Server 3
Classification: Retired
Component: httpd
Version: 3.0.0
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
: ---
Assignee: Weinan Li
QA Contact: Libor Fuka
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2015-01-07 11:52 UTC by Libor Fuka
Modified: 2018-03-26 11:57 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2015-01-07 13:09:21 UTC
Embargoed:


Attachments
ssl.conf (9.73 KB, text/plain), 2015-01-07 11:52 UTC, Libor Fuka
httpd.log (260 bytes, text/plain), 2015-01-07 11:52 UTC, Libor Fuka

Description Libor Fuka 2015-01-07 11:52:19 UTC
Created attachment 977222 [details]
ssl.conf

Description of problem:
When I want to use per-directory mod_ssl CA configuration in httpd 2.4, I receive the error 'Your SSL library does not have support for per-directory CA' in httpd.log.
httpd.log and ssl.conf are attached.

Is it expected behaviour in httpd 2.4 mod_ssl?

Comment 1 Libor Fuka 2015-01-07 11:52:47 UTC
Created attachment 977223 [details]
httpd.log

Comment 2 Libor Fuka 2015-01-07 11:53:54 UTC
I found some information about the same issue here:
BZ 916345

Comment 3 Jean-frederic Clere 2015-01-07 13:09:21 UTC
It is the expected behaviour.

Comment 4 Paul 2018-03-26 10:02:45 UTC
Jean-frederic Clere, why should this be the expected behaviour in the first place?

Let's think of this scenario:

I have SSL working on my website (a free one, from Let's Encrypt), and on a certain directory I would like to authenticate potential web users through an SSL client certificate.

So in my config file, the <Directory> directive should permit declaring another CA file, my OWN CA file, not the Let's Encrypt CA file, not the system CA file, not any other CA file.

My certificate is self-signed, so it does not need to be signed/enrolled in a public CA file.

Comment 5 Jean-frederic Clere 2018-03-26 11:57:10 UTC
It must be the expected behaviour because the CA is associated with the server, not with a directory; the CA belongs to a hostname/IP/port, not to a location.
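
The layout the thread converges on, as an added configuration example that is not taken from the reporter's attached ssl.conf or from any commenter: per the httpd 2.4 mod_ssl documentation, `SSLCACertificateFile` is valid in server config and virtual host context, while `SSLVerifyClient` and `SSLVerifyDepth` are also valid per directory. The hostname, file paths and directory are placeholders (assumptions).

```apache
# Constructed example; hostname and paths are placeholders.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on

    # Server identity, e.g. a publicly issued certificate.
    SSLCertificateFile    /etc/pki/tls/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www.example.com.key

    # Trust anchor for CLIENT certificates, set once per virtual host.
    # It is independent of the CA that issued the server certificate above,
    # so a private CA can be used here.
    SSLCACertificateFile  /etc/pki/tls/certs/my-client-ca.crt

    # No client certificate is requested for the rest of the site.
    SSLVerifyClient none

    <Directory "/var/www/html/private">
        # Per-directory CA placement, the form this report describes as
        # rejected with "does not have support for per-directory CA":
        # SSLCACertificateFile /etc/pki/tls/certs/my-client-ca.crt

        # Supported form: only the verification policy is per-directory.
        SSLVerifyClient require
        SSLVerifyDepth  1

        # Refuse plain-HTTP access to this directory.
        SSLRequireSSL
    </Directory>
</VirtualHost>
```

In per-directory context, `SSLVerifyClient` forces a renegotiation with the new verification level after the HTTP request is read and before the response is sent, so the client certificate prompt appears only when the protected directory is requested.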

