httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pierre Couderc <>
Subject Re: [users@httpd] SSLVerifyClient, per directory access, POST and renegotiation failed
Date Sat, 18 Feb 2006 11:14:14 GMT
Thank you, I have seen traces of this bug on the web and particularly in
It seems well known and I thank you to confile me that there is no 
solution before 2.2.... Now I think that my problem is that I am using 
Apache 2.0 included in debian sarge,and that the patch has not been  

Stephen Collyer a écrit :

> Pierre Couderc wrote:
>> I want to give an access to users  controlled by client certificates 
>> on a per directory basis.
>> It seems that there is a recurrent bug in mod_ssl the traces of which 
>> I have found on the WEB and in  apache bugzilla, which has for result 
>> to  give an error  with a bad answer  to the browser and a 
>> "renegotiation failed" in the logs.
>> My question is, is there an uptodate synthetic howto describing how 
>> to do that?
>> Else, did someone success doing an access by client certificates,  
>> with some directories where the certificate is not required, and 
>> using POSTs?
> I'm not sure what problem you're seeing, but it sounds suspiciously
> like an extant POST-with-client-certificate bug that I ran into
> recently.
> It seems that anything in Apache2 less recent than Apache
> 2.2 can't handle POSTs together with client certs under some
> circumstances (though there is a patch that should fix the problem
> for earlier versions). I believe that there was no such problem
> with Apache 1.3.x though I haven't tested it.
> I've had client certs and POST working without problem with 2.2
> so if you can upgrade to that, it's probably the quickest fix.
> If you look back a few weeks in the archives for this list you'll
> see a thread where Joe Orton posts a reference for the patch for
> Apache 2.0.x, should you need to stick with that.

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message