Hi,

just a question about the mod_ssl in Apache2.2:

I am currently porting an application that makes use of client
certificates from Apache1.3 to Apache2.2.

Apache1.3 used a whitelisting mechanism, i.e. a certificate was
accepted only if was listed in /etc/ssl/certs.



In contrast, Apache2.2 does not seem to do any whitelisting, instead
it checks a CRL file in /etc/ssl/revoke, i.e. does a blacklisting.

Is there any chance to have whitelisting with Apache2.2 (except for
self-programming)?

regards
Hadmut
__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org