Red Hat Bugzilla – Bug 970792
SSLVerifyClient set to optional_no_ca by default
Last modified: 2015-05-14 19:20:44 EDT
Description of problem:
SSLVerifyClient is being set to optional_no_ca by default.
This is a problem for users that have 2+ client certs (like apparently iOS developers).
For our summit keynote, we had to comment this line out in order to get rid of the browser popup.
Version-Release number of selected component (if applicable):
very if you have 2+ client certs
Steps to Reproduce:
1. Create an app
2. Add ssl to the app
3. On a browser (we used chrome) with 2+ client certs installed, go to the app
4. notice the popup in your browser
browser pop up
no pop up
Master pull request:
Stage pull request:
Commit pushed to master at https://github.com/openshift/origin-server
Bug 970792 - The SSLVerifyClient stanza causes browser popups.
I was able to reproduce this on devenv-stage_353. It was a certificate popup.
Verified this on STG with the same chrome browser with more than 2 client certs added, there is no popup now.
1. Create an applciation
2. Add alias and ssl
3. add the app's ip and alias to /etc/hosts
4. Access this app via https://$alias/
No popup when app is being accessed.
Will mark this bug as verified when it's ON_QA, thanks.
This bug has been verified according to comment 3.