I am posting this to the PHP group because my content is croaking on php
content, Please see case 3 in the detailed description of this email.
This email has been posted to modssl and OpenCA new listings.
Environment:
Server
--[Webserver]--
Solaris v.7,8
Apache 1.3.19
mod_php 4.0.4
mod_ssl 2.8.3(?)
Cold Fusion (for Solaris 4.5)
--[Certificate Authority Server]--
OpenSSL 0.9.6a
FreeBSD | 4.x
OpenCA 0.2-4(?)
Client(s)
----------------
Netscape (v.4.7x) under Windows & Solaris
Problem:
[ Generic Description ]
I generated Digital Certificats using OpenCA and OpenSSL
(x.509 PKCS#12 format [.p12 extension for my webbrowsers])
to use with my clients for authentication verification.
After I have the certificate installed (in Netscape and Internet
Exploader), I go to the following
https://www.mysecure_client_website.com/
Request works perfectly on ALL platforms for Internet Explorer (gee no
suprise there, right?).
BUT... when I use Netscape v.4.76 (any 4.x version to be honest), to
visit the website, I am required to give my certificate to the host.
Whats interesting, though (and the root of many headaches as of late),
is that when I try to make ANOTHER request (Keepalive set to something
like 300 seconds) to the webserver off a link from the website's main
page I am ----> AGAIN <--- required to give my certificate to the host.
This will happen even if I refresh my CURRENT page.
Here is the test cases in which I can duplicate the problem with:
[ Grainular Description (just being more specific) ]
Case 1:
On plain static content request:
https://www.mysecure_website.com/index.html
Everything works fine.
What I mean by static is, NO Cold Fusion markup, NO DHTML (I will get
back to this one in a second), and NO php.
Case 2:
Ok, first case works fine all the time, but doesn't prove to me things
are working. I put in an index.php page with a call to phpinfo().
For those of you who are not formiliar with php, bare with
me. phpinfo() is a function that can spit out all the information about
your server and would look something like this in my index.php page:
<?php echo phpinfo(); ?>
I make a request to the following website:
https://www.mysecure_website.com/index.php
*POOF* .. I was able to reproduce the problem. The request for my
certificate is made just fine. Transaction works fine. NOW, when I
refresh my page (remembering that keepalive is still 300 seconds - so
the Apache child that handled my request should still be alive)
I am required to enter my certificate again. This will happen for links,
as well as refresh.
At this point, I'm thinking its just Dynamic content with the modules
that is screwing with me, so I went back to my Cold Fusion DSO module
(DSO because Alliare is closed source remember?).
Case 3:
Ok. I added Cold Fusion to the index.cfm page (changing the default
page from index.html to index.cfm in the httpd.conf file - I could have
just removed index.html but that would have been to easey ;) ) I make a
request to something like this:
https://www.mysecure_website.com/index.cfm
The HOST asks for my Certificate, to which I present and everything is
dandy. EXCEPT, my DHTML now crashes my Netscape session and causes
Netscape to hang on BOTH Windows and Solaris (unsure of Linux -> but if
it Solaris AND Windows but yack, I assume Linux will as well | note: I
add that my clients use Netscape AND Internet Explorer )
So, in closing, my problems are that Netscape bombs on DHTML w/
*.p12 certificates AND requires that I present my certificate more than
one time during a session with my webserver.
Help?!
John Waller
[EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
--
PHP Install Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
