Package: lighttpd Version: 1.4.31-4+deb7u1 Severity: important I am running a webserver that only offers https and normally requires client certificates. When I install the security upgrade 1.4.31-4+deb7u1 and restart lighttpd, with some delay (when I keep hitting reload in a client, it works 5-10 times) no more connections with client certificates succeed.
Firefox reports "connection was interrupted", chrome ERR_SSL_PROTOCOL_ERROR, lighttpd's error log fills with messages saying: (connections.c.305) SSL: 1 error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized "regualar" https-Connections (w/o client certificate) continue to work. After restarting lighttpd, everything works again for a little while, then trouble starts again. With lighttpd 1.4.31-4 everything works fine; this problem definitely has been introduced with the security patches for 1.4.31-4+deb7u1. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org