httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevin <li...@gnosysllc.com>
Subject Re: Status of Bug # 39243
Date Sun, 04 Mar 2007 00:31:10 GMT
Ruediger Pluem wrote:
> 
> On 03/03/2007 09:50 PM, Kevin wrote:
>> Hi List-
>>
>> This isn't a support question, so please don't ignore it.
>>
>> It's a legitimate dev-type question on the status of an open bug that I
>> don't see answers to on bugzilla at:
>>
>> http://issues.apache.org/bugzilla/show_bug.cgi?id=39243
>>
>> Can anyone share any sort of status on this bug?
>>
>> I'm running into this bug with 2.2.3 and plone (as indicated in my
>> comment on bugzilla), and it really puts a huge damper on what I can do
>> with plone.
> 
> From your comments in bugzilla I am not really sure if you are working with client
> certificates (I see you talking about SSL in general only).

Sorry, I should have added that.  I'm not working with any client 
certificates at all.  The only certificate in the picture is the server 
certificate.  Now, there are some Rewrite rules going on, to get the 
connection from real_ip_address:443 to localhost:8080 (where zope is 
listening).  And zope/plone allow for authentication to be done using 
the contents of an LDAP Directory, and that is in the picture too.  This 
LDAP aspect does not seem to be a factor though, because two sites that 
I operate both suffer from this bug, and one uses LDAP-authentication 
and the other uses native plone-based authentication.

I've tried this with two different browsers: current versions of Mozilla 
Firefox and Mozilla Camino in OSX so I'm quite sure that there is no 
hidden client certificate negotiation going on between browser and server.

> And even if you are
> working with client certificates this only affects you in the case that you
> are using Directory or Location based client certificates which require a SSL renegotiation.

Well, I don't know how zope/plone implement this behavior, but uploading 
content in a plone site is done by filling out a form and pressing the 
"Save/Send" button in the plone site.  What happens after I press that 
button I'm not sure.  I've posted this comment to the plone.users list 
also, and have generated some interest there.  Perhaps the plone and 
apache folks should be talking to each other on this.  What would be the 
best way to facilitate that?  Is list cross-posting discouraged?

> Plus your POST request needs to be the first operation during your connection
> to this Location / Directory.

My last comment above applies here too.

> 
>> Surely there are other people that are suffering consequences of this
>> bug, no?  How are you working around it?
>>
>> Are there any plans to resolve this any time soon?  I'm guessing it's
> 
> No, currently there are no plans to change this. Please have a look at
> 
> http://issues.apache.org/bugzilla/show_bug.cgi?id=39243#c3
> http://issues.apache.org/bugzilla/show_bug.cgi?id=39243#c7
> http://issues.apache.org/bugzilla/show_bug.cgi?id=39243#c14
> 

Thanks for your reply.  I will elaborate my bugzilla post to include the 
absence of client certificate involvement.

-Kevin


Mime
View raw message