httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pierre Couderc <pie...@couderc.cc>
Subject Re: [users@httpd] SSLVerifyClient, per directory access, POST and renegotiation failed
Date Sat, 18 Feb 2006 11:14:14 GMT
Thank you, I have seen traces of this bug on the web and particularly in 
http://issues.apache.org/bugzilla/show_bug.cgi?id=12355.
It seems well known and I thank you to confile me that there is no 
solution before 2.2.... Now I think that my problem is that I am using 
Apache 2.0 included in debian sarge,and that the patch has not been  
backported...

Stephen Collyer a écrit :

> Pierre Couderc wrote:
>
>> I want to give an access to users  controlled by client certificates 
>> on a per directory basis.
>>
>> It seems that there is a recurrent bug in mod_ssl the traces of which 
>> I have found on the WEB and in  apache bugzilla, which has for result 
>> to  give an error  with a bad answer  to the browser and a 
>> "renegotiation failed" in the logs.
>>
>> My question is, is there an uptodate synthetic howto describing how 
>> to do that?
>> Else, did someone success doing an access by client certificates,  
>> with some directories where the certificate is not required, and 
>> using POSTs?
>
>
> I'm not sure what problem you're seeing, but it sounds suspiciously
> like an extant POST-with-client-certificate bug that I ran into
> recently.
>
> It seems that anything in Apache2 less recent than Apache
> 2.2 can't handle POSTs together with client certs under some
> circumstances (though there is a patch that should fix the problem
> for earlier versions). I believe that there was no such problem
> with Apache 1.3.x though I haven't tested it.
>
> I've had client certs and POST working without problem with 2.2
> so if you can upgrade to that, it's probably the quickest fix.
>
> If you look back a few weeks in the archives for this list you'll
> see a thread where Joe Orton posts a reference for the patch for
> Apache 2.0.x, should you need to stick with that.
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message