Hello,
I've got a self-built Apache on a RedHat 7.3 Linux box with Apache/2.0.43,
mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22.
Every so often a PHP page is called with a POST request to send data to the
server. The whole server area is protected via the following settings in
ssl.conf:
<Directory /var/www/html/ca>
Options Indexes FollowSymLinks ExecCGI
DirectoryIndex index.php index.cgi
SSLOptions FakeBasicAuth ExportCertData CompatEnvVars StrictRequire StdEnvVars OptRenegotiate
SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 4
SSLRequire ( \
%{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
%{SSL_CLIENT_I_DN_CN} eq "my CA" )
AuthzLDAPEngine on
AuthzLDAPAuthoritative on
AuthzLDAPServer localhost:389
AuthzLDAPBindDN "cn=manager,dc=mydomain,dc=com"
AuthzLDAPBindPassword "terriblysecret"
AuthzLDAPUseCertificate on
AuthzLDAPSetAuthorization on
AuthzLDAPUseSerial on
AuthzLDAPMapBase ou=AuthzLDAPCertmap,dc=mydomain,dc=com
AuthzLDAPMapScope subtree
AuthzLDAPLogLevel warn
AuthzLDAPCacheConnection off
AuthzLDAPCacheSize 0
AuthName AuthzLDAP
AuthType Basic
</Directory>
and with the following require in .htaccess of the same directory:
require user "CN=Jan-Piet [EMAIL PROTECTED]"
GET operations always work perfectly (BTW almost all resources are .PHP).
Once in a while a POST method is attempted which then sometimes fails (not
always). When it has failed, subsequent GET methods on different pages do
not work either. After a certain time which always differs, the GET will work
and the following POST also.
I've tried changing SSLSessionCache to `shm' and SSLMutex to `sem' thinking
it had something to do with it, but to no avail. The value of SSLSessionCacheTimeout
doesn't seem to matter either.
At the time of the failure, the logs have this in them:
error_log:
[Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured -- resuming normal operations
[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation in conjunction with POST method not supported!
hint: try SSLOptions +OptRenegotiate
access_log:
10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST /ca/ra/upd.php HTTP/1.1" 405 312
10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET /ca/ra/req.php HTTP/1.1" 403 292
10.0.0.1 - CN=Jan-Piet [EMAIL PROTECTED] [17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php HTTP/1.1" 200 4936
ssl_request_log:
[17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5 "POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-", issuer="-"
The clients are a mixture of Mozilla 1.2 and Internet Explorer 6.0, all
with a client cert issued by my CA. The issue affects both clients (Netscape
4.5 shows the same).
Can someone help me resolve this, please?
Thank you very much.
Regards,
-JP
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
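
The failure pattern reported in the message above (a renegotiation error in error_log, a 405 on the POST, then 4xx responses for the same client until a request succeeds) can be extracted from the logs mechanically. The Python script below is an added example, not part of the original message or of mod_ssl. Its log samples are constructed from the excerpts above with a placeholder client DN, and the function names and the 2-second matching slack are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed samples modelled on the post's excerpts; the client DN is a placeholder.
ERROR_LOG = """\
[Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43 (Unix) configured -- resuming normal operations
[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation in conjunction with POST method not supported!
"""
ACCESS_LOG = """\
10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST /ca/ra/upd.php HTTP/1.1" 405 312
10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET /ca/ra/req.php HTTP/1.1" 403 292
10.0.0.1 - CN=Example User [17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php HTTP/1.1" 200 4936
"""

ERR_RE = re.compile(r'^\[([^\]]+)\] \[error\] SSL Re-negotiation in conjunction with POST')
# The user field may contain spaces (a certificate DN), hence the lazy group.
ACC_RE = re.compile(r'^(\S+) \S+ (.*?) \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$')

def parse_access(text):
    """Return (time, client, method, path, status) for each parsable access_log line."""
    rows = []
    for m in filter(None, map(ACC_RE.match, text.splitlines())):
        ip, _user, ts, method, path, status = m.groups()
        # Drop the UTC offset: error_log timestamps are local wall-clock time.
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
        rows.append((when, ip, method, path, int(status)))
    return rows

def renegotiation_incidents(error_log, access_log, slack=timedelta(seconds=2)):
    """Pair each renegotiation error with its rejected POST and the lockout that follows."""
    rows, incidents = parse_access(access_log), []
    for m in filter(None, map(ERR_RE.match, error_log.splitlines())):
        err_time = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        # The rejected request: a POST answered 405 within `slack` of the error.
        post = next((r for r in rows if r[2] == "POST" and r[4] == 405
                     and abs(r[0] - err_time) <= slack), None)
        if post is None:
            continue
        failed, recovered = [], None
        for r in (r for r in rows if r[1] == post[1] and r[0] > post[0]):
            if r[4] < 400:  # first successful request ends the incident
                recovered = int((r[0] - post[0]).total_seconds())
                break
            failed.append((r[2], r[3], r[4]))
        incidents.append({"client": post[1], "post": post[3], "failed_after": failed, "recovered_after_s": recovered})
    return incidents

if __name__ == "__main__":
    for incident in renegotiation_incidents(ERROR_LOG, ACCESS_LOG):
        print(incident)
```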