httpd-dev mailing list archives

From Nathan Friess <>
Subject Re: [PATCH] SSL, POST, and renegotiation
Date Mon, 10 Jun 2002 23:50:41 GMT
From: "Justin Erenkrantz" <>
Sent: Monday, June 10, 2002 4:30 PM
> On Mon, Jun 10, 2002 at 04:20:06PM -0600, Nathan Friess wrote:
> > A while back I started working with the httpd sources in attempt to
> > the missing code for POSTing over SSL when renegotiation is required.  I
> > made the necessary changes, tested the code using several 1 to 30
> > binary files, and it seems to work nicely.
> Um, what problem are you seeing?  -- justin

AFAIK, this situation isn't implemented yet for 2.x.  Currently, the server
just returns a 'forbidden' response.  There's a long comment in
modules/ssl/ssl_engine_kernel.c which explains it all.  I'm running some
scripts which accept data from posts, and I'd like to be able to use them
over https where the clients use certificates to authenticate.  A
renegotiation is required when the certificate must be presented for only
certain URLs.  Since I made the changes -- at least for my own use -- I
thought I'd see if they make sense and could be actually used for the
mainstream sources.  By the way, I noticed that there is less of a problem
with clients running Mozilla, since Mozilla seems to send the certificate
without asking.  IE first tries without the certificate, and then

> P.S.  core_request_config->bb shouldn't be used at all.

Oh, I see.  May I ask for some general overview of reasoning here?  How else
may the data be passed around, short of creating a hook or adding onto a
structure?  It was my _guess_ that this could be used, since
ap_get_client_block() uses it already, no change would be required for that
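
The per-URL client-certificate setup described in this message, shown as an added configuration example that is not part of the original post or of the httpd sources. Host names, file paths and the /upload location are placeholders, and variant B is one commonly used way to avoid the renegotiation, not something the thread proposes.

```apache
# Variant A: certificate demanded only for one URL.
# The initial handshake completes without a client certificate. The first
# request for /upload makes mod_ssl renegotiate after the request has
# already started arriving, which is the POST case discussed above.
<VirtualHost *:443>
    ServerName a.example                      # placeholder
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt # placeholder paths
    SSLCertificateKeyFile /path/to/server.key
    SSLCACertificateFile  /path/to/client-ca.crt

    <Location /upload>
        SSLVerifyClient require
        SSLVerifyDepth  2
    </Location>
</VirtualHost>

# Variant B: ask for the certificate in the initial handshake, enforce it
# per URL. No renegotiation is needed, so a POST body is never caught
# mid-request. Trade-off: every client connecting to this host is asked
# for a certificate, even for URLs that do not need one.
<VirtualHost *:443>
    ServerName b.example                      # placeholder
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key
    SSLCACertificateFile  /path/to/client-ca.crt

    SSLVerifyClient optional
    SSLVerifyDepth  2

    <Location /upload>
        # Only requests whose certificate verified against the CA pass.
        SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
    </Location>
</VirtualHost>
```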

