If you have a better installation or one that is proven to work.  Also please
let us know if there is a better or more efficient way to do what we're trying
to do here.  Technologies change over time, keep us up to date ;)

Alias /repo/pkgs/ /repo/pkgs/

   <Directory /repo/pkgs/>
       SSLVerifyClient optional
       SSLVerifyDepth 1
       SSLOptions +StrictRequire +StdEnvVars +OptRenegotiate
        # require that the access comes from internal or that
        # the client auth cert was created by us and signed by us
       SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
                  and %{SSL_CLIENT_S_DN_O} eq "Fedora Project" \
                  and %{SSL_CLIENT_I_DN_O} eq "Fedora Project" \
                  and %{SSL_CLIENT_I_DN_OU} eq "Upload Files" )
   </Directory>

   <Location "/repo/pkgs/upload.cgi">
       SetHandler cgi-script
        Options ExecCGI
        Order Allow,Deny
        Allow from all
        SSLRequireSSL
    </Location>