[Mod_nss-list] hello, and problem 1
Jennings, Jared L CTR USAF AFMC 46 SK/CCI
jared.jennings.ctr at eglin.af.mil
Mon May 9 14:56:55 UTC 2011
> > My question is this: As you'll see below, I set NSSVerifyClient
> > require at the top level. How is it possible that there is no client
> > certificate associated with a connection?
>
> Right, I'll have to take a look to see whether we aren't configuring
> the SSL socket to require a client cert or we are somehow not storing
a
> copy of it in the request. I believe NSS should reject the connection
if a
> client cert is required and one is not presented.
>
> In this case did you provide a valid client cert?
I provided a valid client cert for the original connection, then hit
Refresh in the browser. This is Firefox 3.6.17; its normal behavior is
that once you choose a certificate for a site, it won't ask you again in
the same browsing session, and it will silently keep presenting the same
certificate you chose for that server in ensuing connections.
So I have no a priori evidence that a client cert was presented in the
second connection, but I think there was a client cert. I'll see if I
can make that more sure.
More information about the Mod_nss-list
mailing list