[ANNOUNCE] mod_ssl 2.8.24-1.3.33

A subtle security bug (CAN-2005-2700) was discovered in mod_ssl where
where "SSLVerifyClient require" was not enforced in per-location context
if "SSLVerifyClient optional" was configured in the global virtual
host configuration. This bug is now fixed in mod_ssl 2.8.24 for Apache
1.3.33. Get it from:

o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/

Ralf S. Engelschall
rse@engelschall.com
www.engelschall.com

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org