httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevin <li...@gnosysllc.com>
Subject Re: Status of Bug # 39243
Date Sun, 04 Mar 2007 02:39:45 GMT
Ruediger Pluem wrote:
> 
> No, currently there are no plans to change this. Please have a look at
> 
> http://issues.apache.org/bugzilla/show_bug.cgi?id=39243#c14
> 

Do I understand correctly from this comment that if a user connects to 
the site using a client certificate, and if the SSLClientVerify step 
happens before the attempted post operation, that the problem won't 
occur?  If so, then I should be home free, because with plone, one must 
GET a page first, before POSTing any data using the form in question.

With regard to this comment:
http://issues.apache.org/bugzilla/show_bug.cgi?id=39243#c12

Would someone be so kind as to interpret that code snippet for me?  Is 
that a patch that I could apply to 2.2.4 apache sources and set a config 
parameter SSL_MAX_IO_BUFFER in some appropriate context in my config 
files, and thus eliminate the problem for myself (if exposing myself to 
the DoS vulnerability---I have a very small and trustworthy user base)?

Is this the patch that redhat is using?  Or is there another patch to 
remove this limitation?

Many thanks for your detailed replies.

-Kevin

Mime
View raw message