[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug 61929] New: Configure mod_sll forsend empty distinguished names list


            Bug ID: 61929
           Summary: Configure mod_sll forsend empty distinguished names
           Product: Apache httpd-2
           Version: 2.4.23
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@xxxxxxxxxxxxxxxx
          Reporter: aleksgrv@xxxxxxxxx
  Target Milestone: ---

We use SSLCACertificateFile for client auth and want send empty  CA DN names
list because SSLCACertificateFile very large and goto limit for
CertificateRequest <0..2^16-1> (more info about it:

rfc 5246, #section-7.4.4:

      A list of the distinguished names [X501] of acceptable
      certificate_authorities, represented in DER-encoded format.  These
      distinguished names may specify a desired distinguished name for a
      root CA or for a subordinate CA; thus, this message can be used to
      describe known roots as well as a desired authorization space.  If
      the certificate_authorities list is empty, then the client MAY
      send any certificate of the appropriate ClientCertificateType,
      unless there is some external arrangement to the contrary.

I think need add support empty SSLCADNRequestFile

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail: bugs-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: bugs-help@xxxxxxxxxxxxxxxx