When doing SSLVerifyCert require then we need to always require the

certificate to match what OpenSSL does.
author: rcritten <> 2005-05-24 21:23:36 +0000
committer: rcritten <> 2005-05-24 21:23:36 +0000
commit: 77042d50c8c2aee91d67186363eeba03d657ecb9 (patch)
tree: 7cbb5f4110b633376d7b690eecac149748ed0875 /nss_engine_init.c
parent: 32a0cc435a9d3c6aee91ab473a3a033a1cd8ba37 (diff)
download: mod_nss-77042d50c8c2aee91d67186363eeba03d657ecb9.tar.gz
mod_nss-77042d50c8c2aee91d67186363eeba03d657ecb9.tar.xz
mod_nss-77042d50c8c2aee91d67186363eeba03d657ecb9.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/nss_engine_init.c b/nss_engine_init.c
index db98fa3..b2d2c14 100644
--- a/nss_engine_init.c
+++ b/nss_engine_init.c
@@ -456,7 +456,7 @@ static void ssl_init_ctx_verify(server_rec *s,
 {
     if (mctx->auth.verify_mode == SSL_CVERIFY_REQUIRE) {
         SSL_OptionSet(mctx->model, SSL_REQUEST_CERTIFICATE, PR_TRUE);
-        SSL_OptionSet(mctx->model, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_NO_ERROR);
+        SSL_OptionSet(mctx->model, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_ALWAYS);
     } else if (mctx->auth.verify_mode == SSL_CVERIFY_OPTIONAL) {
         SSL_OptionSet(mctx->model, SSL_REQUEST_CERTIFICATE, PR_TRUE);
         SSL_OptionSet(mctx->model, SSL_REQUIRE_CERTIFICATE, SSL_REQUIRE_NEVER);
author	rcritten <>	2005-05-24 21:23:36 +0000
committer	rcritten <>	2005-05-24 21:23:36 +0000
commit	77042d50c8c2aee91d67186363eeba03d657ecb9 (patch)
tree	7cbb5f4110b633376d7b690eecac149748ed0875 /nss_engine_init.c
parent	32a0cc435a9d3c6aee91ab473a3a033a1cd8ba37 (diff)
download	mod_nss-77042d50c8c2aee91d67186363eeba03d657ecb9.tar.gz mod_nss-77042d50c8c2aee91d67186363eeba03d657ecb9.tar.xz mod_nss-77042d50c8c2aee91d67186363eeba03d657ecb9.zip