From: "Justin Erenkrantz" <[EMAIL PROTECTED]> Sent: Monday, June 10, 2002 4:30 PM > On Mon, Jun 10, 2002 at 04:20:06PM -0600, Nathan Friess wrote: > > A while back I started working with the httpd sources in attempt to create > > the missing code for POSTing over SSL when renegotiation is required. I > > made the necessary changes, tested the code using several 1 to 30 megabyte > > binary files, and it seems to work nicely. > > Um, what problem are you seeing? -- justin
AFAIK, this situation isn't implemented yet for 2.x. Currently, the server just returns a 'forbidden' response. There's a long comment in modules/ssl/ssl_engine_kernel.c which explains it all. I'm running some scripts which accept data from posts, and I'd like to be able to use them over https where the clients use certificates to authenticate. A renegotiation is required when the certificate must be presented for only certain URLs. Since I made the changes -- at least for my own use -- I thought I'd see if they make sense and could be actually used for the mainstream sources. By the way, I noticed that there is less of a problem with clients running Mozilla, since Mozilla seems to send the certificate without asking. IE first tries without the certificate, and then renegotiates. > > P.S. core_request_config->bb shouldn't be used at all. > Oh, i see. May I ask for some general overview of reasoning here? How else may the data be passed around, short of creating a hook or adding onto a structure? It was my _guess_ that this could be used, since ap_get_client_block() uses it already, no change would be required for that function. Nathan
