Commit 97482d86 authored by Leigh B Stoller's avatar Leigh B Stoller

Merge branch 'master' of

parents 5d29afca 19689a2d
......@@ -1328,7 +1328,14 @@ CustomLog @prefix@/log/apache_ssl_request_log \
SSLCACertificateFile @prefix@/etc/genica.bundle
# Another bundle of CRLs.
SSLCARevocationFile @prefix@/etc/genicrl.bundle
# Must use optional to avoid renegotiation, which is broken.
# THIS HAS TO BE optional! Why? Cause recent security patches disables SSL
# renegotiation, which is needed when a subdir turns on ssl client
# verification (as we used to). Now, we set it to "optional",
# which avoids the renegotiation problem. The backend scripts MUST
# check their environment to ensure they are always invoked by a client
# supplying a verifiable certificate.
SSLVerifyClient optional
# Reject the unencrypted certs that all users get.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment