Integer directory in httpd 2.4 (mod_ssl)

Question

Integer directory in httpd 2.4 (mod_ssl)

was there support for CA files for each directory deleted in httpd 2.4?

<Location /directory> Require valid-user SSLVerifyClient require SSLVerifyDepth 5 SSLCACertificateFile /path/to/ca.crt </Location>

This snippet works in accordance with httpd 2.2.29, but is not valid for httpd 2.4.10 because "your SSL library does not support CA for each directory." Unfortunately, I could not find any evidence that there were any changes (there is no mention in the release notes, the documentation for mod_ssl is the same), maybe this is an error?

Compiled on RHEL, "./configure --with-included-apr --enable-so --with-crypto --enable-ssl", openssl 1.0.1e (16.el6_5.15)

+5

apache openssl mod-ssl

DarkKnightCZ Oct 17 '14 at 6:10

source share

2 answers

It happens to me; with Apache 2.2.25, the SSLCACertificateFile directive SSLCACertificateFile correctly in the <location> .

However, it seems that in 2.4 no. After some attempts, I can do this by putting the SSLCACertificateFile inside <VirtualHost> instead of <location> .

So in Apache 2.4 use:

 <VirtualHost localhost:443> SSLCACertificateFile /path/to/ca.crt <Location /directory> ... </Location> </VirtualHost>

Instead:

 <VirtualHost localhost:443> ... <Location /directory> SSLCACertificateFile /path/to/ca.crt ... </Location> </VirtualHost>

Hope this helps,

+1

albciff Feb 18 '16 at 14:15

source share

Onnonymous · Accepted Answer · 2015-04-24T15:07:32+0000

It looks like behavior expected according to RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1179716

Integer directory in httpd 2.4 (mod_ssl)

More articles: