httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stephen Collyer <scoll...@netspinner.co.uk>
Subject Re: [users@httpd] Apache 2.0.55 SSL and POST problem
Date Tue, 31 Jan 2006 15:12:48 GMT
Joe Orton wrote:
> On Tue, Jan 31, 2006 at 02:42:27PM +0000, Stephen Collyer wrote:
> 
>>Joe Orton wrote:
>>
>>>On Tue, Jan 31, 2006 at 12:34:27PM +0000, Stephen Collyer wrote:
>>>
>>>
>>>>I have an SSL enabled Apache 2.0.55, with a CGI enabled
>>>>Location accessible via SSL.
>>>>
>>>>When I try to execute a POST against this location, I get
>>>>a 405 "Method not allowed" response.
>>>
>>>
>>>This is http://issues.apache.org/bugzilla/show_bug.cgi?id=12355 - which 
>>>was fixed in 2.2.0; you can apply this patch to 2.0.x releases:
>>>
>>>http://issues.apache.org/bugzilla/attachment.cgi?id=16495
>>
>>Joe
>>
>>Thanks - that certainly looks like the problem. I notice that there
>>are some potential workarounds mentioned on that page. Is there
>>an "official" workaround, or should someone with a 2.0 Apache simply
>>bite the bullet and apply the patch ? (or move to 2.2.0 ?)
> 
> 
> Ignore all the patches in the PR other than the one I referenced above - 
> that is the same as the code which went into 2.2.  There is no 
> "official" fix for 2.0 unless and until something gets committed, but 
> the above patch is as close as you'll get until then.
> 

Right. Howver, by "workaround" I was referring to a configuration
change (maybe adding that SSLOptions +OptRenegotiate ?).

I'm unclear as to why the error message suggests a config fix, but
a patch is necessary - I guess the question is, if I can fix the
problem by changing the config (and it's not clear to me yet if I can),
what does the patch buy me ? The closing of a security hole maybe ?

-- 
Regards

Stephen Collyer
Netspinner Ltd

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message