[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#940144: developers-reference: document self-service givebacks in wanna-build section

>>>>> "Philipp" == Philipp Kern <phil@philkern.de> writes:

    Philipp> I'm told it was broken by the upgrade of Apache - apparently it can no
    Philipp> longer do per path client certificate authentication. There is a
    Philipp> pending RT ticket from DSA to fix that but I don't think there is
    Philipp> anything I can do at the moment - except turn on SSO for the whole
    Philipp> vhost. Maybe that could even be a workaround for now and we could
    Philipp> check if someone is annoyed by that. :)

TLS dropped the facilities necessary to do that.
Ultimately you'll need a vhost for stuff that requires client certs and
other vhosts that do not.
The user experience of having a site request client certs when you don't
have one to give is really bad in some browsers.

Client certs really kind of are the unloved step child of web
authentication.
Reply to: