Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle non-leaf certificates present in SSLProxyMachineCertificateFile #403

Closed
wants to merge 1 commit into from
Closed

Handle non-leaf certificates present in SSLProxyMachineCertificateFile #403

wants to merge 1 commit into from

Conversation

notroj
Copy link
Collaborator

@notroj notroj commented Jan 31, 2024

Backport of 4c13b96

Treat non-leaf certificates present in SSLProxyMachineCertificateFile
the same was as non-leaf certs are in SSLCertificateFile - use them to build the trusted cert chain for the end-entity (client) cert.

* modules/ssl/ssl_engine_init.c (ssl_init_proxy_certs): For any non-leaf certificate present in the configured, trust as if used in SSLProxyMachineCertificateChainFile.

@notroj
Treat non-leaf certificates present in SSLProxyMachineCertificateFile
4438d47 
the same was as non-leaf certs are in SSLCertificateFile - use them to
build the trusted cert chain for the end-entity (client) cert.

* modules/ssl/ssl_engine_init.c (ssl_init_proxy_certs):
  For any non-leaf certificate present in the configured, trust as
  if used in SSLProxyMachineCertificateChainFile.

Github: closes apache#151

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1884552 13f79535-47bb-0310-9956-ffa450edef68
asfgit pushed a commit that referenced this pull request Feb 9, 2024
@notroj
Merge r1884552 from trunk:
4e29445 
Treat non-leaf certificates present in SSLProxyMachineCertificateFile
the same was as non-leaf certs are in SSLCertificateFile - use them to
build the trusted cert chain for the end-entity (client) cert.

* modules/ssl/ssl_engine_init.c (ssl_init_proxy_certs):
  For any non-leaf certificate present in the configured, trust as
  if used in SSLProxyMachineCertificateChainFile.

Github: closes #403
Reviewed by: jorton, gbechis, jfclere


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1915679 13f79535-47bb-0310-9956-ffa450edef68
@notroj
Copy link
Collaborator Author

notroj commented Feb 9, 2024

Merged in 4e29445

@notroj notroj closed this Feb 9, 2024
@notroj notroj deleted the ssl-proxy-client-chain branch February 9, 2024 09:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@notroj