httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From masro <ma...@llbc.de>
Subject [users@httpd] old game - method POST not allowed when using SSL client certs
Date Thu, 12 Oct 2006 09:53:47 GMT
Hi List,

i do an update from Apache 2.0.54 to 2.0.59, now i've the following problem:

The following VHOST configuration dosent work, when i use POST requests 
within the secured directory

<VirtualHost *:443>
        ServerName xgames.org
        DocumentRoot "/htdocs/"
        SSLEngine On
        SSLCertificateFile conf/cert/server.crt
        SSLCertificateKeyFile conf/cert/server.key
        SSLCACertificateFile conf/cert/ca-bundle.cer
        SSLVerifyDepth 3
        SSLOptions +StdEnvVars +OptRenegotiate +ExportCertData
        SSLVerifyClient optional
        <Directory /htdocs/secure>
                SSLVerifyClient require
        </Directory>
</VirtualHost>

Got errors like:
[Thu Oct 12 11:09:32 2006] [error] SSL Re-negotiation in conjunction 
with POST method not supported! hint: try SSLOptions +OptRenegotiate

When i use the following configuration it work's. I've to use 
"SSLVerifyClient none" instead of "SSLVerifyClient optional", may it be 
a bug or a feature, possibly im only to stupid, please tell me if i'm a 
dump fool ;-)

<VirtualHost *:443>
        ServerName xgames.org
        DocumentRoot "/htdocs/"
        SSLEngine On
        SSLCertificateFile conf/cert/server.crt
        SSLCertificateKeyFile conf/cert/server.key
        SSLCACertificateFile conf/cert/ca-bundle.cer
        SSLVerifyDepth 3
        SSLOptions +StdEnvVars +OptRenegotiate +ExportCertData
        SSLVerifyClient none
        <Directory /htdocs/secure>
                SSLVerifyClient require
        </Directory>
</VirtualHost>

Why i can't use "SSLVerifyClient optional" ?

regards
Christian Gottschalch

 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message