
List:       apache-modssl
Subject:    Re: Client Auth with S/MIME certificates - certificate purpose problem
From:       Yaroslav <yaroslav.pogrebnyak () comodo ! od ! ua>
Date:       2010-02-12 13:35:44
Message-ID: 4B755930.9030901 () comodo ! od ! ua

I found a solution. It looks like a dirty hack and creates a security
hole, but it works for our custom purposes. So I don't recommend using
it this way. Somehow, it may be of interest to somebody.
It's necessary to patch OpenSSL.
In the 'openssl/ssl/ssl_cert.c' file, in the 'ssl_verify_cert_chain' function,
replace

X509_STORE_CTX_set_default(&ctx,
           s->server ? "ssl_client" : "ssl_server");

by

X509_STORE_CTX_set_default(&ctx, "any");


Yaroslav
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
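
Added illustration, not part of the message above and not OpenSSL's own code: the script builds constructed throwaway certificates and asks `openssl x509 -purpose` which purposes each one passes, showing what the "SSL client" check rejects and that "Any Purpose" accepts all of them. The subject name, file names and helper functions are made up for the example.

```shell
#!/bin/sh
# Added example; all certificates are constructed test data.

# Create a throwaway self-signed certificate whose extendedKeyUsage is $1
# (e.g. emailProtection for an S/MIME certificate). Prints the file path.
make_cert() {
    eku=$1
    dir=$(mktemp -d) || return 1
    # Minimal request config so the result does not depend on the system
    # openssl.cnf.
    printf '%s\n' '[req]' 'distinguished_name = dn' \
        'x509_extensions = ext' 'prompt = no' \
        '[dn]' 'CN = constructed-test-user' \
        '[ext]' 'keyUsage = digitalSignature' \
        "extendedKeyUsage = $eku" > "$dir/req.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$dir/req.cnf" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    printf '%s\n' "$dir/cert.pem"
}

# Print the Yes/No verdict for one row of `openssl x509 -purpose`,
# e.g. "SSL client" or "Any Purpose".
purpose_verdict() {
    openssl x509 -in "$1" -noout -purpose |
        awk -F' : ' -v want="$2" '$1 == want { print $2; exit }'
}

# Compare the purpose a server normally enforces on client certificates
# with the "any" purpose for the same certificate.
compare_purposes() {
    printf 'ssl_client=%s any=%s\n' \
        "$(purpose_verdict "$1" 'SSL client')" \
        "$(purpose_verdict "$1" 'Any Purpose')"
}

# S/MIME-only, server-only and client-auth certificates side by side.
for eku in emailProtection serverAuth clientAuth; do
    cert=$(make_cert "$eku") || { echo "openssl req failed" >&2; exit 1; }
    printf '%-16s %s\n' "$eku" "$(compare_purposes "$cert")"
    rm -rf "$(dirname "$cert")"
done
```

Only the clientAuth certificate passes the "SSL client" row, while every certificate passes "Any Purpose", including the server-only one.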