I know this has been raised before but please read on.

Currently AFAIK client certificate expiry checking is
done by openssl and the connection is terminated
before apache comes into play, hence no error page can
be sent. This is a problem as IE doesn't tell the user
the client certificate is expired. Hence the user
experiences a horrible disconnect page (not nice for
issue tracking either as its pretty generic).

Both Netscape and IIS can send back an error to the
browser under this condition. The company I work for
would also like apache to be able to do this. There is
a good possiblity that the changes would be funded.

I'm looking for someone who has experience with
apache/mod_ssl/openssl to give an idea on the
feasibility and a time estimate to do the work.
Suggestions on who could do this are also welcome.


Yahoo! Mail Mobile
Take Yahoo! Mail with you! Check email on your mobile phone.
__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org