Fix koji client cert authentication with OpenSSL 1.1.0
Turns out that renegotiation is broken in OpenSSL 1.1.0, so we allow clients to send their certificates (but not require them) from the very first connection on, so that they don't have to renegotiate. Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This commit is contained in:
Patrick Uiterwijk
parent
402f919bb3
commit
934cbf8d70
1 changed files with 1 additions and 0 deletions
|
|
@ -24,6 +24,7 @@ Alias /kojifiles "/mnt/koji/"
|
|||
</Directory>
|
||||
{% endif %}
|
||||
|
||||
SSLVerifyClient optional
|
||||
<Location /kojihub/ssllogin>
|
||||
SSLVerifyClient require
|
||||
SSLVerifyDepth 10
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue