try with current cvs and 'SSLOptions +OptRenegotiate' configured. with this option enabled, modssl will use the client cert from the ssl session cache if one was not already sent by the client. in this case, modssl will not need to read from the client since full renegotiation is by-passed. this of course requires that you have SSLSessionCache of some sort enabled. and that your client either sends a cert automatically or is first requested to send one during a GET request, from which point the cert will be in the session cache when any POST happens afterwards.
as for supporting POST where client cert is required on a per-location basis and OptRenegotiate is not enabled, i think any solution will be very painful to get right. when POST data is small, setting it aside in memory isn't so bad, but allowing large POSTs before the client has actually been authenticated leaves open potential DOS attacks. saving large POSTs to disk would likely result in more potential badness.
