httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevin <>
Subject Re: Status of Bug # 39243
Date Sun, 04 Mar 2007 02:39:45 GMT
Ruediger Pluem wrote:
> No, currently there are no plans to change this. Please have a look at

Do I understand correctly from this comment that if a user connects to 
the site using a client certificate, and if the SSLClientVerify step 
happens before the attempted post operation, that the problem won't 
occur?  If so, then I should be home free, because with plone, one must 
GET a page first, before POSTing any data using the form in question.

With regard to this comment:

Would someone be so kind as to interpret that code snippet for me?  Is 
that a patch that I could apply to 2.2.4 apache sources and set a config 
parameter SSL_MAX_IO_BUFFER in some appropriate context in my config 
files, and thus eliminate the problem for myself (if exposing myself to 
the DoS vulnerability---I have a very small and trustworthy user base)?

Is this the patch that redhat is using?  Or is there another patch to 
remove this limitation?

Many thanks for your detailed replies.


View raw message