I've just re-read the original posters message, and it is possible that when they say the system is "self-built" that they built an older version of openssl. However, given what I've already said that is unlikely.
- John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] "I know it sounds cocky, but I honestly believe that one day there'll be a telephone in every Town in America" - Alexander Graham Bell > -----Original Message----- > From: Boyle Owen [mailto:[EMAIL PROTECTED]] > Sent: 17 December 2002 15:19 > To: [EMAIL PROTECTED] > Subject: RE: POST with mod_ssl intermittently fails with a 405 > > > Your openSSL libs are a bit old - there have been many important code > updates since 0.9.6b. In particular, the most recent update (0.9.6h) > fixed race condition bugs that were causing intermittent failures. Try > an upgrade first, I would advise... > > Rgds, > > Owen Boyle > > >-----Original Message----- > >From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]] > >Sent: Dienstag, 17. Dezember 2002 16:07 > >To: [EMAIL PROTECTED] > >Subject: POST with mod_ssl intermittently fails with a 405 > > > > > >Hello, > > > >I've got an self-built Apache on a RedHat 7.3 Linux box with > >Apache/2.0.43, > >mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22 > > > >Every so often a PHP page is called with a POST request to > >send data to the > >server. The whole server area is protected via the following > >settings in > >ssl.conf: > > > ><Directory /var/www/html/ca> > > Options Indexes FollowSymLinks ExecCGI > > DirectoryIndex index.php index.cgi > > SSLOptions FakeBasicAuth ExportCertData CompatEnvVars > >StrictRequire StdEnvVars OptRenegotiate > > > > SSLRequireSSL > > SSLVerifyClient require > > SSLVerifyDepth 4 > > SSLRequire ( \ > > %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \ > > %{SSL_CLIENT_I_DN_CN} eq "my CA" ) > > > > AuthzLDAPEngine on > > AuthzLDAPAuthoritative on > > AuthzLDAPServer localhost:389 > > AuthzLDAPBindDN > "cn=manager,dc=mydomain,dc=com" > > AuthzLDAPBindPassword "terriblysecret" > > AuthzLDAPUseCertificate on > > AuthzLDAPSetAuthorization on > > AuthzLDAPUseSerial on > > AuthzLDAPMapBase > >ou=AuthzLDAPCertmap,dc=mydomain,dc=com > > AuthzLDAPMapScope subtree > > AuthzLDAPLogLevel warn > > AuthzLDAPCacheConnection off > > AuthzLDAPCacheSize 0 > > AuthName AuthzLDAP > > AuthType Basic > ></Directory> > > > >and with the following require in .htaccess of the same directory: > > > > require user "CN=Jan-Piet [EMAIL PROTECTED]" > > > >GET operations always work perfectly (BTW almost all resources > >are .PHP). > >Once in a while a POST method is attempted which then > >sometimes fails (not > >always). When it has failed, subsequent GET methods on > >different pages do > >not work either. After a certain time which always differs, > >the GET will work > >and the following POST also. > > > >I've tried changing SSLSessionCache to `shm' and SSLMutex to > >`sem' thinking > >it had something to do with it, but to no avail. The value of > >SSLSessionCacheTimeout > >doesn't seem to matter either. > > > >At the time of the failure, the logs have this in them: > > > >error_log: > > [Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43 > >(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured -- > >resuming normal operations > > [Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation > >in conjunction with POST method not supported! > > hint: try SSLOptions +OptRenegotiate > > > >access_log: > > 10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST > >/ca/ra/upd.php HTTP/1.1" 405 312 > > 10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET > >/ca/ra/req.php HTTP/1.1" 403 292 > > 10.0.0.1 - CN=Jan-Piet [EMAIL PROTECTED] > >[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php HTTP/1.1" 200 4936 > > > >ssl_request_log: > > [17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5 > >"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-", issuer="-" > > > >The clients are a mixture of Mozilla 1.2 and Internet > Explorer 6.0 all > >with a client cert issued by my CA. The issue affects both > >clients (Netscape > >4.5 shows the same) > > > >Can someone help me resolve this, please ? > > > >Thank you very much. > >Regards, > > -JP > > > >_____________________________________________________________ > _________ > >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] > This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
