httpd-dev mailing list archives

From Dan Sully
Subject Re: [PATCH] SSL, POST, and renegotiation
Date Tue, 11 Jun 2002 00:07:48 GMT
Once upon a time Nathan Friess shaped the electrons to say...

> AFAIK, this situation isn't implemented yet for 2.x.  Currently, the server
> just returns a 'forbidden' response.  There's a long comment in
> modules/ssl/ssl_engine_kernel.c which explains it all.  I'm running some
> scripts which accept data from posts, and I'd like to be able to use them
> over https where the clients use certificates to authenticate.  A
> renegotiation is required when the certificate must be presented for only
> certain URLs.  Since I made the changes -- at least for my own use -- I
> thought I'd see if they make sense and could be actually used for the
> mainstream sources.  By the way, I noticed that there is less of a problem
> with clients running Mozilla, since Mozilla seems to send the certificate
> without asking.  IE first tries without the certificate, and then
> renegotiates.

This is a problem which I've run into as well. Our "workaround" was to create
another virtual server to which our customers would send POST requests with
certificates explicitly. This is still a problem for people using SSL
toolkits instead of browsers too. I'd love to see this fix go in for 1.3.x and 2.x.

The things you own end up owning you.
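
The two setups discussed in this message, sketched as a mod_ssl configuration. This is an added example, not configuration from the post or from the httpd project; the addresses, host names, and file paths are placeholders.

```apache
# Constructed example. 192.0.2.x addresses, example.com names and /path/to/...
# files are placeholders, not values from the thread.

# Setup 1: client certificate required only for certain URLs.
# The initial handshake completes without asking for a client certificate.
# When a request maps to /upload, mod_ssl has to renegotiate to obtain one.
# For a POST, the request body is already on the connection at that point,
# which is the case the quoted message says 2.x answers with 'forbidden'.
<VirtualHost 192.0.2.10:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key
    SSLCACertificateFile  /path/to/client-ca.crt

    <Location /upload>
        SSLVerifyClient require
        SSLVerifyDepth  1
    </Location>
</VirtualHost>

# Setup 2: the workaround, a separate virtual server for certificate POSTs.
# SSLVerifyClient is set at server level, so the certificate is requested in
# the first handshake and no per-URL renegotiation is needed before the
# request body is read. Clients must be pointed at this host explicitly.
<VirtualHost 192.0.2.11:443>
    ServerName post.example.com
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key
    SSLCACertificateFile  /path/to/client-ca.crt

    SSLVerifyClient require
    SSLVerifyDepth  1
</VirtualHost>
```

The second virtual server rejects any client that does not present a certificate signed by the configured CA, so it should carry only the endpoints that need certificate authentication.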
