response.c: set SSL_CLIENT_VERIFY & SSL_CLIENT_S_DN #63
Commits on Jun 5, 2016
-
response.c: set SSL_CLIENT_VERIFY & SSL_CLIENT_S_DN
SSL_CLIENT_VERIFY is set to "NONE", "SUCCESS" or "FAILED:reason". This is compatible with Apache's mod_ssl variable of the same name. SSL_CLIENT_S_DN is set to the oneline version of the client certificate subject's distinguished name and may be used as a setting for the ssl.verifyclient.username config option. When Apache's mod_ssl is configured to use 'FakeBasicAuth' it uses the SSL_CLIENT_S_DN value for the username (that ultimately may end up in REMOTE_USER). The value that will be set for SSL_CLIENT_S_DN may be determined using the `openssl x509 -noout -subject -in <cert.pem>` command. Signed-off-by: Kyle J. McKay
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.