unsupported certificate purpose

Hello all,
I'm setting up an https server with apache-1.3.22+mod_ssl-2.8.5+php-4.1.2.
Since I have to check the client certificate at php level I put this line
in httpd.conf:

SSLVerifyClient require

The client certificate has been created with this extension:

nsCertType = server

At client side I'm testing the application with this command:

wget --sslcertfile= --sslcertkey=

This is the error I get:

Unable to establish SSL connection.

This is the apache error_log I get:

[error] mod_ssl: Certificate Verification: Error (26): unsupported
certificate purpose

Is there a way to configure the required client certificate purpose?


Fabio Spataro

ps.
I can solve the problem putting these lines in
mod_ssl-2.8.5-1.3.22/pkg.sslmod/ssl_engine_init.c

/*
* Configure CTX purpose
*/
SSL_CTX_set_purpose(ctx, X509_PURPOSE_ANY);

just before

/*
* Configure Client Authentication details
*/

and rebuilding mod_ssl.

Is there a cleaner way?


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org