10 Jun
2011
10 Jun
'11
12:03 a.m.
Alan Buxey wrote:
# If check_cert_issuer is set, the value will # be checked against the DN of the issuer in # the client certificate. If the values do not # match, the cerficate verification will fail, # rejecting the user.
That's only for the client cert.
(0) <<< TLS 1.0 Handshake [length 08b8], Certificate (0) chain-depth=1,
That's the issue: depth=1. If it was zero, then the check_cert_issuer code would apply. Which certificate is being checked here? Where did it come from? Alan DeKok.