Re: Anoying client certs selection ... - Netscape Browsers

Dr. Arend van der Veen Tue, 23 Nov 1999 06:05:26 -0800
Hi,

I have been looking for a solution to a problem with Netscape Browsers.  The
problem is that if  a client certificate is required it is requested on each
request.  Is the discussion below pointing to such a solution ?

Thanks,
Arend van der Veen

-----Original Message-----
From: Ralf S. Engelschall <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Monday, November 22, 1999 8:26 PM
Subject: Re: Anoying client certs selection ...


>On Mon, Nov 22, 1999, Radovan Semancik wrote:
>
>> > > > When I set up SSLVerifyClient optional in Location in Virtual host
>> > > > context, server requests user certificate on evevry HTTPS request.
It
>> > > > seems like mod_ssl is iniciating re-negotiation on every request.
Should
>> > > > not that be chached and user cert requested only once per session?
>> > >
>> > > Some long hours later I found a solution ...
>> > >
>> > > Problem was in dbm libraries of solaris. mod_ssl seems not to work
>> > > properly with them. The thing that confused me was that there was no
>> > > error message in any log.
>> > >
>> > > When I compiled mod-ssl with built in SDMB it began to work OK.
>> >
>> > Because a failed cache lookup is not considered an error, of course.
>> > But if you use "SSLLogLevel trace" you at least should be able
>> > to recognize the constant failing lookups in your situation.
>>
>> But failed write to cache should be considere an error. I've checked
>> database files (.dir, .pag) and they have length of 0.
>
>Then the DBM storing doesn't work. Yes, you're right, mod_ssl should also
>explicitly log an error if dbm_store() failed (it currently does only log
>failed dbm_open). I've enhanced this for mod_ssl 2.4.9 now, too. But
whether
>your DBM storing doesn't work I don't know. Seems like a sensible vendor
DBM
>library. But now that it works with SDBM you don't have to care about it.
>Alternatively you can also try the shared memory session cache (via MM
>library).
>                                       Ralf S. Engelschall
>                                       [EMAIL PROTECTED]
>                                       www.engelschall.com
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      [EMAIL PROTECTED]
>Automated List Manager                            [EMAIL PROTECTED]
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
Re: Anoying client certs selection ... - Netscape Browsers

Reply via email to
