[Devel] Patch: cfg.y bug fix - tls_require_client_certificate has no effect
Klaus Darilion
klaus.mailinglists at pernau.at
Thu Nov 23 16:14:28 CET 2006
Hi!
This is fixed in stable and CVS (and another small bug which had no
impact at all).
Just a question: certificate validation is turned off by default. IMO
this should be turned on by default.
Thus, I suggest changing the default in openser CVS to "validation=on"
and leave it in stable (1.1.x) as it is "validation=off".
What do you think about that?
thanks
klaus
Klaus Darilion wrote:
> Hi!
>
> Thanks - I will take care of it.
>
> regards
> klaus
>
>
>
> phgs at free.fr wrote:
>> Hello,
>>
>>
>> Issue:
>>
>> Whatever the value of tls_require_client_certificate, client
>> certificates are
>> NEVER mandatory to connect using TLS.
>>
>> I added the following lines in the openser.cfg file:
>>
>> tls_verify_client = 1
>> tls_require_client_certificate = 1
>>
>> But after restarting openser, I still could connect without any client
>> certificate and I found this message in the openser logs:
>>
>> Nov 23 15:09:53 localhost openser: TLS: Client verification
>> activated.
>> Client certificates are NOT mandatory.
>>
>>
>> Patch:
>>
>> The value found in the configuration file must be stored in
>> tls_default_server_domain->require_client_cert instead of
>> tls_default_client_domain->require_client_cert.
>>
>>
>> 690c690
>> < tls_default_server_domain->require_client_cert=$3;
>> ---
>>> tls_default_client_domain->require_client_cert=$3;
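Review bot: the direction of this hunk is reversed relative to the description above it. The "<" (old) line assigns to tls_default_server_domain->require_client_cert and the ">" (new) line assigns to tls_default_client_domain->require_client_cert, while the text says the value must be stored in the server domain, so applying the hunk as posted would put the wrong assignment back. Please regenerate it as a unified diff from the original file to the fixed one, so the direction is unambiguous and the file name (cfg.y, per the subject) and context lines travel with the patch; a bare "690c690" only applies against the exact revision it was cut from.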
>>
>>
>> Regards,
>> Philippe
>>
>>
>>
>
>
--
Klaus Darilion
nic.at
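
A post-restart check for the symptom reported in this thread, as an added example that is not part of the original messages or of openser: it compares tls_require_client_certificate in the config with the most recent TLS status line in the log. The function names, the sample inputs and the wording of the post-fix log line are assumptions.

```python
import re

# Constructed sample inputs (not from a real deployment).
CFG = "tls_verify_client = 1\ntls_require_client_certificate = 1\n"
LOG_BUGGY = ("Nov 23 15:09:53 localhost openser: TLS: Client verification "
             "activated. Client certificates are NOT mandatory.\n")
# Assumed wording for the post-fix status line; the check only relies on
# the absence of "NOT mandatory".
LOG_AFTER_FIX = LOG_BUGGY + (
    "Nov 23 16:30:02 localhost openser: TLS: Client verification "
    "activated. Client certificates are mandatory.\n")

SETTING_RE = re.compile(
    r"^\s*(tls_verify_client|tls_require_client_certificate)\s*=\s*(\d+)")
STATUS_MARK = "openser: TLS: Client verification"
NOT_MANDATORY = "Client certificates are NOT mandatory"


def parse_tls_settings(cfg_text):
    """Collect the TLS client-auth settings explicitly set in the config."""
    found = {}
    for line in cfg_text.splitlines():
        m = SETTING_RE.match(line.split("#", 1)[0])  # ignore '#' comments
        if m:
            found[m.group(1)] = int(m.group(2))
    return found


def last_tls_status(log_text):
    """Return the most recent client-verification status line, or None."""
    hits = [ln for ln in log_text.splitlines() if STATUS_MARK in ln]
    return hits[-1] if hits else None


def require_cert_ignored(cfg_text, log_text):
    """True when the config requires client certificates but the latest
    status line still reports them as NOT mandatory."""
    settings = parse_tls_settings(cfg_text)
    wanted = settings.get("tls_require_client_certificate") == 1
    status = last_tls_status(log_text)
    return bool(wanted and status and NOT_MANDATORY in status)


if __name__ == "__main__":
    print("setting ignored (unpatched):", require_cert_ignored(CFG, LOG_BUGGY))
    print("setting ignored (after fix):", require_cert_ignored(CFG, LOG_AFTER_FIX))
```

Only the last status line is compared, so entries left over from restarts before the fix do not raise a false alarm.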