Re: Client Authentication POST Problem
On Sat, Dec 25, 2004 at 10:52:27PM -0500, Cliff Woolley wrote: On Sat, 25 Dec 2004, Adolfo Bello wrote: I heartily agree. Unfortunately, I've been waiting for more than a year for this problem to be fixed in Apache 2.0.x :-( This bug was opened on 2002-09-06 http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355 Usually the trick to getting something really done around here is to keep reminding somebody until it really gets their attention. :) Anyway I'll forward this on to [EMAIL PROTECTED], and maybe we'll get a taker. It's a particularly annoying problem. The solution in mod_ssl-for-1.3 is not really ideal (it allows a DoS attack of sorts); I spent some time working on a better solution for 2.0 but it didn't seem feasible in the end. It remains on my list of hard problems to fix as time permits... joe __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Client Authentication POST Problem
Hi, I installed Bugzilla, and the directory it is in has the VerifyClient require and all the Apache directives set in the httpd.conf file. It works fine (the browsers makes me choose a client certificate) but when I submit a form into Bugzilla I get an error to the effect that POST is not allowed, and this appears in the Apache logs: [Fri Dec 24 19:59:24 2004] [error] SSL Re-negotiation in conjunction with POST method not supported!\nhint: try SSLOptions +OptRenegotiate I tried the fix recommended in the log message, but it doesn't work. I seemed to make it through one form OK, but then the next one got me the same error message, both displayed by the browser and in the Apache logs. Any other suggestions? Thanks, Dave. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: Client Authentication POST Problem
On Sat, 2004-12-25 at 15:37 -0500, David T. Ashley wrote: Hi, I installed Bugzilla, and the directory it is in has the VerifyClient require and all the Apache directives set in the httpd.conf file. It works fine (the browsers makes me choose a client certificate) but when I submit a form into Bugzilla I get an error to the effect that POST is not allowed, and this appears in the Apache logs: [Fri Dec 24 19:59:24 2004] [error] SSL Re-negotiation in conjunction with POST method not supported!\nhint: try SSLOptions +OptRenegotiate I tried the fix recommended in the log message, but it doesn't work. I seemed to make it through one form OK, but then the next one got me the same error message, both displayed by the browser and in the Apache logs. Any other suggestions? Thanks, Dave. It just doesn't work in Apache 2.0.x. Use Apache 1.3.x. Adolfo Bello __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: Client Authentication POST Problem
On Sat, 25 Dec 2004, Adolfo Bello wrote: It just doesn't work in Apache 2.0.x. Use Apache 1.3.x. That doesn't sound like very good advice... if something is broken in Apache 2.0.x, we should just fix it. :-/ --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: Client Authentication POST Problem
On Sat, 2004-12-25 at 21:53 -0500, Cliff Woolley wrote: On Sat, 25 Dec 2004, Adolfo Bello wrote: It just doesn't work in Apache 2.0.x. Use Apache 1.3.x. That doesn't sound like very good advice... if something is broken in Apache 2.0.x, we should just fix it. :-/ --Cliff I heartily agree. Unfortunately, I've been waiting for more than a year for this problem to be fixed in Apache 2.0.x :-( This bug was opened on 2002-09-06 http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355 Happy Holidays, Adolfo Bello __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: Client Authentication POST Problem
On Sat, 25 Dec 2004, Adolfo Bello wrote: I heartily agree. Unfortunately, I've been waiting for more than a year for this problem to be fixed in Apache 2.0.x :-( This bug was opened on 2002-09-06 http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355 Usually the trick to getting something really done around here is to keep reminding somebody until it really gets their attention. :) Anyway I'll forward this on to [EMAIL PROTECTED], and maybe we'll get a taker. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: Client Authentication POST Problem
On Sat, 2004-12-25 at 22:52 -0500, Cliff Woolley wrote: On Sat, 25 Dec 2004, Adolfo Bello wrote: I heartily agree. Unfortunately, I've been waiting for more than a year for this problem to be fixed in Apache 2.0.x :-( This bug was opened on 2002-09-06 http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355 Usually the trick to getting something really done around here is to keep reminding somebody until it really gets their attention. :) Anyway I'll forward this on to [EMAIL PROTECTED], and maybe we'll get a taker. --Cliff Wow, that would be really great!!! New hopes to get Back to the Future ;-) Thanks. Adolfo Bello __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]