how to nest SSLRequire

Hi,

I tried to nest two with SSLRequire entries:


SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
and %{SSL_CLIENT_S_DN_O} eq "user" )




SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
and %{SSL_CLIENT_S_DN_O} eq "Global" )




But I got a 403 when I tried to access the /htdocs-ssl/user/ with a certificate, which
have the organisation entry "user".

It's the same with , ...


any ideas ?

Thanks in advance
Hendrik



____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: how to nest SSLRequire

On Wed, Aug 20, 2003 at 10:56:11AM +0200, Hendrik Robbel wrote:
> Hi,
>
> I tried to nest two with SSLRequire entries:
>
>
> SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
> and %{SSL_CLIENT_S_DN_O} eq "user" )
>
>
>
>
> SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
> and %{SSL_CLIENT_S_DN_O} eq "Global" )
>
>
>
>
> But I got a 403 when I tried to access the /htdocs-ssl/user/ with a
> certificate, which
> have the organisation entry "user".
>
Why not just use REQUEST_URI as part of your SSLRequire statement
instead of wrapping it in
vh

Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: how to nest SSLRequire

>
> Why not just use REQUEST_URI as part of your SSLRequire statement
> instead of wrapping it in
It works, thank you!

+Hendrik

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org