No change. Initially all works fine. If I set SSLSessionCacheTimeout to 15
the 405 followed by 403 errors occur immediately! Otherwise when set to 3600
the errors occur at different intervals. What now ?
Thanks & regards,
-JP
On Wed, 18 Dec 2002, [EMAIL PROTECTED] wrote:
> Will the file be fairly large then?
>
> Try setting these to 8M and 16M respectively (if you have enough memory that
> is), do a reload of the config and see if the problem repeats. It may be the
> case that there is a large overhead on the forms that you are submitting
> (since each field becomes a PHP variable).
>
> John
>
> > -----Original Message-----
> > From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]]
> > Sent: 17 December 2002 17:39
> > To: [EMAIL PROTECTED]
> > Subject: RE: POST with mod_ssl intermittently fails with a 405
> >
> >
> > I've got an upload_max_filesize = 2M and a memory_limit = 8M
> > and I'm POSTing
> > 10 fields of about 20 characters each! I'm using POST because
> > there will
> > later be a file attached, but at the moment there isn't. So
> > it can't really
> > be that, can it ?
> > -JP
> >
> >
> > On Tue, 17 Dec 2002, [EMAIL PROTECTED] wrote:
> >
> > > Oops. I meant to say that you should have "memory_limit" twice
> > > "upload_max_filesize". I've had problem when they've both
> > been the same.
> > >
> > > John
> > >
> > > > -----Original Message-----
> > > > From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]]
> > > > Sent: 17 December 2002 16:50
> > > > To: [EMAIL PROTECTED]
> > > > Subject: RE: POST with mod_ssl intermittently fails with a 405
> > > >
> > > >
> > > > I've upgraded to 0.9.6h and recompiled Apache. No change.
> > > > Still get the
> > > > hint in the error_log. Any other ideas ?
> > > >
> > > > -JP
> > > >
> > > >
> > > > On Tue, 17 Dec 2002, Boyle Owen wrote:
> > > >
> > > > > Your openSSL libs are a bit old - there have been many
> > > > important code
> > > > > updates since 0.9.6b. In particular, the most recent
> > update (0.9.6h)
> > > > > fixed race condition bugs that were causing intermittent
> > > > failures. Try
> > > > > an upgrade first, I would advise...
> > > > >
> > > > > Rgds,
> > > > >
> > > > > Owen Boyle
> > > > >
> > > > > >-----Original Message-----
> > > > > >From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]]
> > > > > >Sent: Dienstag, 17. Dezember 2002 16:07
> > > > > >To: [EMAIL PROTECTED]
> > > > > >Subject: POST with mod_ssl intermittently fails with a 405
> > > > > >
> > > > > >
> > > > > >Hello,
> > > > > >
> > > > > >I've got an self-built Apache on a RedHat 7.3 Linux box with
> > > > > >Apache/2.0.43,
> > > > > >mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and
> > mod_authzldap 0.22
> > > > > >
> > > > > >Every so often a PHP page is called with a POST request to
> > > > > >send data to the
> > > > > >server. The whole server area is protected via the following
> > > > > >settings in
> > > > > >ssl.conf:
> > > > > >
> > > > > ><Directory /var/www/html/ca>
> > > > > > Options Indexes FollowSymLinks ExecCGI
> > > > > > DirectoryIndex index.php index.cgi
> > > > > > SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
> > > > > >StrictRequire StdEnvVars OptRenegotiate
> > > > > >
> > > > > > SSLRequireSSL
> > > > > > SSLVerifyClient require
> > > > > > SSLVerifyDepth 4
> > > > > > SSLRequire ( \
> > > > > > %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
> > > > > > %{SSL_CLIENT_I_DN_CN} eq "my CA" )
> > > > > >
> > > > > > AuthzLDAPEngine on
> > > > > > AuthzLDAPAuthoritative on
> > > > > > AuthzLDAPServer localhost:389
> > > > > > AuthzLDAPBindDN
> > > > "cn=manager,dc=mydomain,dc=com"
> > > > > > AuthzLDAPBindPassword "terriblysecret"
> > > > > > AuthzLDAPUseCertificate on
> > > > > > AuthzLDAPSetAuthorization on
> > > > > > AuthzLDAPUseSerial on
> > > > > > AuthzLDAPMapBase
> > > > > >ou=AuthzLDAPCertmap,dc=mydomain,dc=com
> > > > > > AuthzLDAPMapScope subtree
> > > > > > AuthzLDAPLogLevel warn
> > > > > > AuthzLDAPCacheConnection off
> > > > > > AuthzLDAPCacheSize 0
> > > > > > AuthName AuthzLDAP
> > > > > > AuthType Basic
> > > > > ></Directory>
> > > > > >
> > > > > >and with the following require in .htaccess of the
> > same directory:
> > > > > >
> > > > > > require user "CN=Jan-Piet [EMAIL PROTECTED]"
> > > > > >
> > > > > >GET operations always work perfectly (BTW almost all resources
> > > > > >are .PHP).
> > > > > >Once in a while a POST method is attempted which then
> > > > > >sometimes fails (not
> > > > > >always). When it has failed, subsequent GET methods on
> > > > > >different pages do
> > > > > >not work either. After a certain time which always differs,
> > > > > >the GET will work
> > > > > >and the following POST also.
> > > > > >
> > > > > >I've tried changing SSLSessionCache to `shm' and SSLMutex to
> > > > > >`sem' thinking
> > > > > >it had something to do with it, but to no avail. The value of
> > > > > >SSLSessionCacheTimeout
> > > > > >doesn't seem to matter either.
> > > > > >
> > > > > >At the time of the failure, the logs have this in them:
> > > > > >
> > > > > >error_log:
> > > > > > [Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
> > > > > >(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
> > > > > >resuming normal operations
> > > > > > [Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
> > > > > >in conjunction with POST method not supported!
> > > > > > hint: try SSLOptions +OptRenegotiate
> > > > > >
> > > > > >access_log:
> > > > > > 10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST
> > > > > >/ca/ra/upd.php HTTP/1.1" 405 312
> > > > > > 10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET
> > > > > >/ca/ra/req.php HTTP/1.1" 403 292
> > > > > > 10.0.0.1 - CN=Jan-Piet [EMAIL PROTECTED]
> > > > > >[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php
> > HTTP/1.1" 200 4936
> > > > > >
> > > > > >ssl_request_log:
> > > > > > [17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
> > > > > >"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-", issuer="-"
> > > > > >
> > > > > >The clients are a mixture of Mozilla 1.2 and Internet
> > > > Explorer 6.0 all
> > > > > >with a client cert issued by my CA. The issue affects both
> > > > > >clients (Netscape
> > > > > >4.5 shows the same)
> > > > > >
> > > > > >Can someone help me resolve this, please ?
> > > > > >
> > > > > >Thank you very much.
> > > > > >Regards,
> > > > > > -JP
> > > > > >
> > > > >
> > > > >_____________________________________________________________
> > > > _________
> > > > > >Apache Interface to OpenSSL (mod_ssl)
> > > > www.modssl.org
> > > > > >User Support Mailing List
> > > > [EMAIL PROTECTED]
> > > > > >Automated List Manager
> > > > [EMAIL PROTECTED]
> > > > > >
> > > > >
> > > > > This message is for the named person's use only. It may contain
> > > > > confidential, proprietary or legally privileged information. No
> > > > > confidentiality or privilege is waived or lost by any
> > > > mistransmission.
> > > > > If you receive this message in error, please notify the
> > > > sender urgently
> > > > > and then immediately delete the message and any copies of
> > > > it from your
> > > > > system. Please also immediately destroy any hardcopies of
> > > > the message.
> > > > > You must not, directly or indirectly, use, disclose,
> > > > distribute, print,
> > > > > or copy any part of this message if you are not the
> > > > intended recipient.
> > > > > The sender's company reserves the right to monitor all e-mail
> > > > > communications through their networks. Any views
> > expressed in this
> > > > > message are those of the individual sender, except
> > where the message
> > > > > states otherwise and the sender is authorised to state them
> > > > to be the
> > > > > views of the sender's company.
> > > > >
> > > >
> > ______________________________________________________________________
> > > > > Apache Interface to OpenSSL (mod_ssl)
> > > > www.modssl.org
> > > > > User Support Mailing List
> > > > [EMAIL PROTECTED]
> > > > > Automated List Manager
> > > > [EMAIL PROTECTED]
> > > > >
> > > >
> > > >
> > ______________________________________________________________________
> > > > Apache Interface to OpenSSL (mod_ssl)
> > www.modssl.org
> > > > User Support Mailing List
> > [EMAIL PROTECTED]
> > > > Automated List Manager
> > [EMAIL PROTECTED]
> > > >
> > >
> > > -
> > >
> > > NOTICE: The information contained in this email and any
> > attachments is
> > > confidential and may be legally privileged. If you are not the
> > > intended recipient you are hereby notified that you must not use,
> > > disclose, distribute, copy, print or rely on this email's
> > content. If
> > > you are not the intended recipient, please notify the sender
> > > immediately and then delete the email and any attachments from your
> > > system.
> > >
> > > RNIB has made strenuous efforts to ensure that emails and any
> > > attachments generated by its staff are free from viruses.
> > However, it
> > > cannot accept any responsibility for any viruses which are
> > > transmitted. We therefore recommend you scan all attachments.
> > >
> > > Please note that the statements and views expressed in this email
> > > and any attachments are those of the author and do not necessarily
> > > represent those of RNIB.
> > >
> > > RNIB Registered Charity Number: 226227
> > >
> > > Website: http://www.rnib.org.uk
> > >
> > ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)
> > www.modssl.org
> > > User Support Mailing List
> > [EMAIL PROTECTED]
> > > Automated List Manager
> > [EMAIL PROTECTED]
> > >
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
> >
>
> -
>
> NOTICE: The information contained in this email and any attachments is
> confidential and may be legally privileged. If you are not the
> intended recipient you are hereby notified that you must not use,
> disclose, distribute, copy, print or rely on this email's content. If
> you are not the intended recipient, please notify the sender
> immediately and then delete the email and any attachments from your
> system.
>
> RNIB has made strenuous efforts to ensure that emails and any
> attachments generated by its staff are free from viruses. However, it
> cannot accept any responsibility for any viruses which are
> transmitted. We therefore recommend you scan all attachments.
>
> Please note that the statements and views expressed in this email
> and any attachments are those of the author and do not necessarily
> represent those of RNIB.
>
> RNIB Registered Charity Number: 226227
>
> Website: http://www.rnib.org.uk
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
