httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 39705] New: - Bug in Apache2.0 mod_ssl which prevents from jointly treating method POST with an authentification customer by certificate?
Date Fri, 02 Jun 2006 11:56:56 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39705>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=39705

           Summary: Bug in Apache2.0 mod_ssl which prevents from jointly
                    treating method POST with an authentification customer
                    by certificate?
           Product: Apache httpd-2
           Version: 2.0.58
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: critical
          Priority: P5
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: cc.chen@fsd.com.my


I find this article at internet and I am facing the same problem as mentioned 
in the article below. I would like know whether Apache did come out the fix 
for the below problem. Thanks alot.



##########################
There is a bug in Apache2.0 mod_ssl which prevents from jointly treating 
method POST with an authentification customer by certificate.

The problem appears when the level of authentification (SSLVerifyClient) is 
higher on the level of a Location directive than on the level of the virtual 
host.

The message which appears in the logs is then 
[error] SSL Re-negotiation in conjunction with POST method not supported! \ 
nhint: try SSLOptions +OptRenegotiate

Possible parades:


To use a as constraining directive on the level of the virtual host as in the 
directive hiring (walk with optional)
to use a special port for the forms requiring method POST and SSLVerifyClient. 
To bring the SSLVerifyClient directive to the level of the virtual host. The 
directive is then extended to all the virtual host
############################

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message