[mod_gnutls-devel] Certificate-based authentication
marc.ende at ymail.com
Wed May 7 08:20:40 CEST 2014
the same with actual versions:
so i think it might be an configuration issue or (that's also possible) a
misunderstood of the handling of authentication.
Am Mittwoch, 7. Mai 2014, 07:48:40 schrieb Marc Ende:
> I've missed the relevant information:
> apache: 2.2.22
> gnutls: 2.10.5
> mod_gnutls: 0.5.10
> All standard installs by ubuntu 12.04.4 LTS
> > Hi,
> > within one of my servers I use certificate based authentication.
> > Everything works great but without a simple thing:
> > * If I log in with a certificate which is signed by the ca mentioned in
> > GnuTLSClientCAFile the access is granted as expected.
> > * If I log in with a certificate which is NOT signed by the ca mentioned
> > in
> > GnuTLSClientCAFile the access is also granted (not expected).
> > The second one was signed by the CA which has signed the certificate of
> > the
> > webserver himself. I haven't tested this with a certificate which was
> > signed by someone else. But also in this case I wouldn't be happy with
> > the fact that everyone with a signed certificate of this (webserver-)CA
> > has access.
> > May be I've got an issue in my configuration....
> > My configuration:
> > GnuTLSEnable on
> > GnuTLSExportCertificates on
> > GnuTLSPriorities
> > SECURE256:-CIPHER-ALL:+COMP-DEFLATE:-MAC-ALL:-MD5:-
> > ANON-DH:-3DES-CBC:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:-AES-256-CBC:-AES-12
> > 8
> > -
> > CBC:+VERS-TLS1.2:+VERS-TLS1.1:+SHA512:+SHA384:+SHA256:+SHA1:+VERS-TLS1.0:
> > +ARCFOUR-128:+CAMELLIA-256-CBC:+AES-256-CBC
> > GnuTLSCertificateFile /etc/apache2/ssl/webserver.cert
> > <-Webserver-CA GnuTLSKeyFile /etc/apache2/ssl/webserver.key
> > GnuTLSClientVerify require
> > GnuTLSClientCAFile /etc/apache2/ssl/site.ca.asc <-ClientCA
> > Thanks for your help
> > Marc
> mod_gnutls-devel mailing list
> mod_gnutls-devel at lists.gnutls.org
More information about the mod_gnutls-devel