On Thu, Oct 21, 1999, Jeremy Daniel wrote:
> I pulled down the snapshot just now in the hope that it would include
> a fix for a problem I was in the process of dealing with.
>
> First the good news: it compiled and ran with no apparent hitches
> under SunOS 5.6 (with mod_perl-1.21 and openssl 0.9.4)
>
> Now, what for me was bad: A (perhaps known) bug (or at least
> annoyance) is still in there. When you specify "SSLVerifyClient
> required" within a <Directory ...> directive something gets confused
> for CGI posts. This causes a 405 "Method Not Allowed - The requested
> method POST is not allowed for the URL /cgi-auth/foo.pl." and in the
> errors_log "[error] mod_ssl: SSL Re-negotiation in conjunction with
> POST method not supported!" I saw several messages in the list
> archive about what looked like this bug, but I was uncertain in many
> cases.
This is not really bug, it's more or less a general restriction caused by the
fact that Apache, mod_ssl and OpenSSL are not a monolitic integrated program.
If you want to use POST in this situation you've enable some experimental code
with --enable-rule=SSL_EXPERIMENTAL, first. I consider this code to be
stable, so give it a try.
> Partially because I believe the error messages I am seeing are
> recent additions.
Correct. The message was added to inform you that currently per default
mod_ssl does not support this situation. And it says that you need to enable
experimental stuff to make it running.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
