Ruediger Pluem wrote:

On 03/03/2007 09:50 PM, Kevin wrote:
Hi List-

This isn't a support question, so please don't ignore it.

It's a legitimate dev-type question on the status of an open bug that I
don't see answers to on bugzilla at:

http://issues.apache.org/bugzilla/show_bug.cgi?id=39243

Can anyone share any sort of status on this bug?

I'm running into this bug with 2.2.3 and plone (as indicated in my
comment on bugzilla), and it really puts a huge damper on what I can do
with plone.

From your comments in bugzilla I am not really sure if you are working with
client certificates (I see you talking about SSL in general only).

Sorry, I should have added that. I'm not working with any client certificates at all. The only certificate in the picture is the server certificate. Now, there are some Rewrite rules going on, to get the connection from real_ip_address:443 to localhost:8080 (where zope is listening). And zope/plone allow for authentication to be done using the contents of an LDAP Directory, and that is in the picture too. This LDAP aspect does not seem to be a factor though, because two sites that I operate both suffer from this bug, and one uses LDAP-authentication and the other uses native plone-based authentication.

I've tried this with two different browsers: current versions of Mozilla Firefox and Mozilla Camino in OSX so I'm quite sure that there is no hidden client certificate negotiation going on between browser and server.

And even if you are
working with client certificates this only affects you in the case that you
are using Directory or Location based client certificates which require an SSL
renegotiation.

Well, I don't know how zope/plone implement this behavior, but uploading content in a plone site is done by filling out a form and pressing the "Save/Send" button in the plone site. What happens after I press that button I'm not sure. I've posted this comment to the plone.users list also, and have generated some interest there. Perhaps the plone and apache folks should be talking to each other on this. What would be the best way to facilitate that? Is list cross-posting discouraged?

Plus your POST request needs to be the first operation during your connection
to this Location / Directory.

My last comment above applies here too.


Surely there are other people that are suffering consequences of this
bug, no?  How are you working around it?

Are there any plans to resolve this any time soon?  I'm guessing it's

No, currently there are no plans to change this. Please have a look at

http://issues.apache.org/bugzilla/show_bug.cgi?id=39243#c3
http://issues.apache.org/bugzilla/show_bug.cgi?id=39243#c7
http://issues.apache.org/bugzilla/show_bug.cgi?id=39243#c14


Thanks for your reply. I will elaborate my bugzilla post to include the absence of client certificate involvement.

-Kevin
