I'm running Apache 1.3.6, openssl 0.92b and mod_ssl 2.2.8 on HP/UX 10.20.  I've
got the following in my Apache config file:

     <Directory "/opt/htdocs/use-cert">
     SSLVerifyClient require
     SSLOptions +FakeBasicAuth
     SSLRequireSSL
     </Directory>

This seems to work OK -- a valid certificate is required before you can see
documents in this directory.  The problem is when I use method=POST in an HTML
form.  After submitting the form, the browser says "An I/O error occurred
during security authorization.  Please try your connection again."

When I use method=GET in the form, it works just fine.  Plain CGI scripts work
OK, so do static HTML pages.  The same form (with POST or GET) works fine, as
long as I move it to a directory which doesn't require a client certificate.

In the Apache error log I get the following lines each time a form is POSTed
and a client certificate is required:

>[Tue May 18 12:05:38 1999] [error] mod_ssl: Re-negotiation handshake failed: 
>Not accepted by client!?
>[Tue May 18 12:05:38 1999] [error] mod_ssl: SSL error on reading data 
>(OpenSSL library error follows)
>[Tue May 18 12:05:38 1999] [error] OpenSSL: error:140940F5:SSL 
>routines:SSL3_READ_BYTES:unexpected record
>[Tue May 18 12:05:38 1999] [error] mod_ssl: SSL error on writing data 
>(OpenSSL library error follows)
>[Tue May 18 12:05:38 1999] [error] OpenSSL: error:140940F5:SSL 
>routines:SSL3_READ_BYTES:unexpected record

I'm using a Verisign server certificate, and a client certificate I generated
and signed myself.  The browser I'm testing with is Netscape Communicator 4.51,
Windows NT 4.0 sp4.  If you want to test with your own browser & certificate,
the URL is https://www-gate.it-services.nwu.edu/it/use-cert/blort.html.  After
submitting the form, you should see a bunch of information about your
certificate and the server's, plus ssl version info, etc.

Thanks for your suggestions and/or explanations. 
--
Phil Tracy
Northwestern University, Evanston, IL   USA
mailto:[EMAIL PROTECTED]    http://dopey.at.nwu.edu/tracy/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
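
Added example, not part of the original post or of mod_ssl: a Python example that un-wraps the quoted error-log lines above, ties each "Re-negotiation handshake failed" record to the OpenSSL errors logged with the same timestamp, and splits the packed error code (pre-3.0 OpenSSL layout: 8-bit library, 12-bit function, 12-bit reason) into its fields. The function names and the embedded sample are assumptions made for illustration.

```python
import re

# Sample input: the log lines quoted in the post, still '>'-prefixed and mail-wrapped.
QUOTED_LOG = """\
>[Tue May 18 12:05:38 1999] [error] mod_ssl: Re-negotiation handshake failed:
>Not accepted by client!?
>[Tue May 18 12:05:38 1999] [error] mod_ssl: SSL error on reading data
>(OpenSSL library error follows)
>[Tue May 18 12:05:38 1999] [error] OpenSSL: error:140940F5:SSL
>routines:SSL3_READ_BYTES:unexpected record
>[Tue May 18 12:05:38 1999] [error] mod_ssl: SSL error on writing data
>(OpenSSL library error follows)
>[Tue May 18 12:05:38 1999] [error] OpenSSL: error:140940F5:SSL
>routines:SSL3_READ_BYTES:unexpected record
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?P<src>mod_ssl|OpenSSL): (?P<msg>.*)$")
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")

def unwrap(text):
    """Strip '>' quoting and rejoin records that the mailer wrapped onto two lines."""
    records = []
    for raw in text.splitlines():
        line = raw.lstrip(">").rstrip()
        if line.startswith("["):          # a timestamp opens a new record
            records.append(line)
        elif line and records:            # anything else continues the previous one
            records[-1] += " " + line
    return records

def decode_err(code_hex):
    """Split a packed pre-3.0 OpenSSL error code into (library, function, reason)."""
    e = int(code_hex, 16)
    return (e >> 24) & 0xFF, (e >> 12) & 0xFFF, e & 0xFFF

def find_reneg_failures(text):
    """One event per failed renegotiation, with OpenSSL errors sharing its timestamp."""
    events = []
    for rec in unwrap(text):
        m = LINE_RE.match(rec)
        if not m:
            continue
        if m["src"] == "mod_ssl" and "Re-negotiation handshake failed" in m["msg"]:
            events.append({"ts": m["ts"], "errors": []})
        elif m["src"] == "OpenSSL" and events and events[-1]["ts"] == m["ts"]:
            code = ERR_RE.search(m["msg"])
            if code:
                events[-1]["errors"].append(decode_err(code.group(1)))
    return events
```

On the lines above, find_reneg_failures(QUOTED_LOG) yields one event whose two errors both decode to library 20, function 148, reason 245, the numeric form of the "SSL routines:SSL3_READ_BYTES:unexpected record" text in the log.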
