problem with client certificates
Hello, im using client certificates to authenticate myself with FakeBasicAuth to my webserver. This works quite fine. But there is one case where it doesnt work. When i open my website and then wait a little time (1-2 minutes) and then do a POST to upload a file i get an [error] Re-negotiation handshake failed: Not accepted by client!? error. Heres the log: 192.168.88.3 - /C=.../ST=.../O=.../CN=.../emailAddress=... [11/Jun/2009:16:34:29 +0200] GET /images/smilies/thumbsdown.gif HTTP/1.1 200 1130 [Thu Jun 11 16:36:25 2009] [error] Re-negotiation handshake failed: Not accepted by client!? 192.168.88.3 - - [11/Jun/2009:16:36:25 +0200] POST /upload2.php?filetoupload=lalala HTTP/1.1 103 - Whats the problem here? I thought that maybe this is some sort of timeout problem, but the only one i found was SSLSessionCacheTimeout and that is set like this: SSLSessionCacheshmht:/var/lib/apache2/ssl_scache(512000) SSLSessionCacheTimeout 600 So its more than 2 minutes. Also i forgot to mention that when the POST failed and i then load my page again (sending the POST doesnt work here) and then quickly POST again then it works. Thank you for your help. Regards, Pepe -- GMX FreeDSL Komplettanschluss mit DSL 6.000 Flatrate und Telefonanschluss für nur 17,95 Euro/mtl.!* http://portal.gmx.net/de/go/dsl02 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Managermajord...@modssl.org
Weird problem with client certificates
Hello, we are running Apache 2.0.53 with openssl 0.9.7e on linux. There's a weird problem using client certificates. When accessing /srv/www/ssldocs/secure via https://www.domain.com/secure there's absolutely no client certificate checked. Access is possible without valid cert. My vhost is written like shown on modssl.org, I tried every possible combination, but no success. After reading numerous faq's and bbs and finding nothing about that problem, I wanted to ask, if anybody knows about this problem or has as solution for this. Thanks alot so far, Alex VirtualHost *:443 DocumentRoot /srv/www/ssldocs ServerName SSL SSLEngine on SSLCipherSuite HIGH:MEDIUM SSLOptions +StdEnvVars +StrictRequire SSLCertificateFile /etc/apache2/ssl.crt/server.crt SSLCertificateKeyFile /etc/apache2/ssl.key/server.key SSLVerifyClient none SSLVerifyDepth 5 SSLCACertificateFile /etc/apache2/ssl.crt/clientca.crt SSLCACertificatePath /etc/apache2/ssl.crt Directory /srv/www/ssldocs/secure SSLVerifyClient require SSLRequireSSL /Directory /VirtualHost __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
problem with client certificates and directory
Hi there, I am trying to configure a server so that a client certificate is required to access a directory. Although it denies access without a proper certificate if I use SSLVerifyClient globally, it won't work for a directory only. That means after accessing the main dir (without client authentication) and the using a hyperlink to a document 1 dir below the server won't ask for a clien certificate. What did I miss? For the directory deny from all, SSLVerifyClient require and SSLOptions StrtictRequire are turned on. Thanks for the help! Timo __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]