httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stephen Collyer <scoll...@netspinner.co.uk>
Subject Re: [users@httpd] SSLVerifyClient, per directory access, POST and renegotiation failed
Date Sat, 18 Feb 2006 09:49:01 GMT
Pierre Couderc wrote:
> I want to give an access to users  controlled by client certificates on 
> a per directory basis.
> 
> It seems that there is a recurrent bug in mod_ssl the traces of which I 
> have found on the WEB and in  apache bugzilla, which has for result to  
> give an error  with a bad answer  to the browser and a "renegotiation 
> failed" in the logs.
> 
> My question is, is there an uptodate synthetic howto describing how to 
> do that?
> Else, did someone success doing an access by client certificates,  with 
> some directories where the certificate is not required, and using POSTs?

I'm not sure what problem you're seeing, but it sounds suspiciously
like an extant POST-with-client-certificate bug that I ran into
recently.

It seems that anything in Apache2 less recent than Apache
2.2 can't handle POSTs together with client certs under some
circumstances (though there is a patch that should fix the problem
for earlier versions). I believe that there was no such problem
with Apache 1.3.x though I haven't tested it.

I've had client certs and POST working without problem with 2.2
so if you can upgrade to that, it's probably the quickest fix.

If you look back a few weeks in the archives for this list you'll
see a thread where Joe Orton posts a reference for the patch for
Apache 2.0.x, should you need to stick with that.

-- 
Regards

Stephen Collyer
Netspinner Ltd

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message