DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355 SSLVerifyClient directive in location make post to PHP script impossible ------- Additional Comments From [EMAIL PROTECTED] 2003-04-08 17:10 ------- When configured for client certificate authentication, POST method fails after KeepAlive timeout - if KeepAlive is disabled, POST method always fails. SSLOptions +OptRenegotiate does not fix the problem. Server: Apache/2.0.45 (Unix) mod_ssl/2.0.45 OpenSSL/0.9.7a AIX 4.3.3 I have tested IE 5.5, Netscape 4.8, Netscape 7, and Mozilla 1.3 - All browsers seem to be affected. Log files can be found below. IE 5.5 generates a segfault of the child and a 302 error along with the general symptoms - details of this can be found in the logs below. -------------------------------------------------------------------------------------------------- Configuration excerpts: KeepAlive On KeepAliveTimeout 15 SSLSessionCache dbm:/var/adm/httpd.ssl.cache SSLSessionCacheTimeout 300 SSLMutex file:/var/adm/httpd.ssl.mutex <Directory /docs/clientcert> SSLOptions +StdEnvVars +ExportCertData +OptRenegotiate SSLVerifyClient require SSLVerifyDepth 2 SSLRequire %{SSL_CLIENT_CERT} eq file("<certfile>") \ or %{SSL_CLIENT_CERT} eq file("<certfile>") Order Deny,Allow Deny from all Allow from 1.1.1.1 </Directory> -------------------------------------------------------------------------------------------------- HTML files used for testing: $ cat index.html <HTML> <BODY> Hello client cert <FORM action=index2.html method=post> <INPUT value="Post to index2.html" type=submit> </FORM> </BODY> </HTML> $ cat index2.html <HTML> <BODY> Hello client cert - index2 <FORM action=index.html method=post> <INPUT value="Post to index.html" type=submit> </FORM> </BODY> </HTML> -------------------------------------------------------------------------------------------------- VH access log: 2.2.2.2 - - [07/Apr/2003:14:23:57 -0700] "GET /clientcert/index.html HTTP/1.1" 200 140 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3) Gecko/20030312" GET /clientcert/index.html - "HTTP/1.1" (-) 2.2.2.2 - - [07/Apr/2003:14:24:03 -0700] "POST /clientcert/index2.html HTTP/1.1" 200 144 "https://test.domain.com/clientcert/index.html"; "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3) Gecko/20030312" POST /clientcert/index2.html - "HTTP/1.1" (-) 2.2.2.2 - - [07/Apr/2003:14:24:03 -0700] "POST /clientcert/index.html HTTP/1.1" 200 140 "https://test.domain.com/clientcert/index2.html"; "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3) Gecko/20030312" POST /clientcert/index.html - "HTTP/1.1" (-) 2.2.2.2 - - [07/Apr/2003:14:24:04 -0700] "POST /clientcert/index2.html HTTP/1.1" 200 144 "https://test.domain.com/clientcert/index.html"; "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3) Gecko/20030312" POST /clientcert/index2.html - "HTTP/1.1" (-) 2.2.2.2 - - [07/Apr/2003:14:24:05 -0700] "POST /clientcert/index.html HTTP/1.1" 200 140 "https://test.domain.com/clientcert/index2.html"; "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3) Gecko/20030312" POST /clientcert/index.html - "HTTP/1.1" (-) 2.2.2.2 - - [07/Apr/2003:14:24:06 -0700] "POST /clientcert/index2.html HTTP/1.1" 200 144 "https://test.domain.com/clientcert/index.html"; "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3) Gecko/20030312" POST /clientcert/index2.html - "HTTP/1.1" (-) 2.2.2.2 - - [07/Apr/2003:14:24:07 -0700] "POST /clientcert/index.html HTTP/1.1" 200 140 "https://test.domain.com/clientcert/index2.html"; "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3) Gecko/20030312" POST /clientcert/index.html - "HTTP/1.1" (-) 2.2.2.2 - - [07/Apr/2003:14:25:12 -0700] "POST /clientcert/index2.html HTTP/1.1" 405 244 "https://test.domain.com/clientcert/index.html"; "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3) Gecko/20030312" POST /clientcert/index2.html - "HTTP/1.1" (-) VH error log: [Mon Apr 07 14:25:12 2003] [error] SSL Re-negotiation in conjunction with POST method not supported! hint: try SSLOptions +OptRenegotiate -------------------------------------------------------------------------------------------------- With Internet Explorer 5.5: VH access log: 2.2.2.2 - - [07/Apr/2003:15:46:15 -0700] "GET /clientcert/ HTTP/1.1" 302 227 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" GET /clientcert/ - "HTTP/1.1" (-) 2.2.2.2 - - [07/Apr/2003:15:46:16 -0700] "GET /clientcert/ HTTP/1.1" 200 140 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" GET /clientcert/index.html - "HTTP/1.1" (-) 2.2.2.2 - - [07/Apr/2003:15:46:24 -0700] "POST /clientcert/index2.html HTTP/1.1" 200 144 "https://test.domain.com/clientcert/"; "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" POST /clientcert/index2.html - "HTTP/1.1" (-) 2.2.2.2 - - [07/Apr/2003:15:46:25 -0700] "POST /clientcert/index.html HTTP/1.1" 200 140 "https://test.domain.com/clientcert/index2.html"; "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" POST /clientcert/index.html - "HTTP/1.1" (-) 2.2.2.2 - - [07/Apr/2003:15:46:26 -0700] "POST /clientcert/index2.html HTTP/1.1" 200 144 "https://test.domain.com/clientcert/index.html"; "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" POST /clientcert/index2.html - "HTTP/1.1" (-) 2.2.2.2 - - [07/Apr/2003:15:46:27 -0700] "POST /clientcert/index.html HTTP/1.1" 200 140 "https://test.domain.com/clientcert/index2.html"; "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" POST /clientcert/index.html - "HTTP/1.1" (-) 2.2.2.2 - - [07/Apr/2003:15:46:28 -0700] "POST /clientcert/index2.html HTTP/1.1" 200 144 "https://test.domain.com/clientcert/index.html"; "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" POST /clientcert/index2.html - "HTTP/1.1" (-) 2.2.2.2 - - [07/Apr/2003:15:46:29 -0700] "POST /clientcert/index.html HTTP/1.1" 200 140 "https://test.domain.com/clientcert/index2.html"; "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" POST /clientcert/index.html - "HTTP/1.1" (-) 2.2.2.2 - - [07/Apr/2003:15:46:58 -0700] "POST /clientcert/index2.html HTTP/1.1" 405 244 "https://test.domain.com/clientcert/index.html"; "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)" POST /clientcert/index2.html - "HTTP/1.1" (-) VH error log: [Mon Apr 07 15:46:15 2003] [error] Re-negotiation handshake failed: Not accepted by client!? [Mon Apr 07 15:46:58 2003] [error] SSL Re-negotiation in conjunction with POST method not supported! hint: try SSLOptions +OptRenegotiate Server error log: [Mon Apr 07 15:46:16 2003] [notice] child pid 28262 exit signal Segmentation fault (11) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
