SSL internal server errors
hi all, i have been encountering a pretty strange problem on my webserver since i caught the slapper work a few weeks ago. all https connections to cgi scripts produce an internal server error sometimes together will this message in the log file: OpenSSL: error:1406B458:SSL routines:GET_CLIENT_MASTER_KEY:key arg too long after some research and consultation with support staff from thawtee, my certificate issuer, i was told that i have to have my certificate reissued as the worm has corrupted it. i have replaced the certificate with the brand new one i ordered but i still have the same problems. i also tried disabling SSLv2 but to no avail. static pages work fine under https and the cgi scripts that fail under https work fine under http. i have upgraded all relevant software and removed the worm. does anyone else have the same problem or any clue on what could be causing it? my setup is redhat 7.3 with: apache 1.3.27 + mod_ssl 2.8.12 + openssl 0.9.6b any help will be greatly appreciated. many thanks giorgos __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Mod_ssl and apache 2.0.40
It is an obvious loop. Why are you suprised that this loops? Please
provide:
1) Example of incoming URL
2) What you want it to translate to
Rgds,
Owen Boyle
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Montag, 16. Dezember 2002 15:32
To: [EMAIL PROTECTED]
Subject: Mod_ssl and apache 2.0.40
Hello,
I install on a PC linux redhat 8.0 a web server apache 2.0.40
and mod ssl
0.9.6b (configuration include in redhat 8.0)
I want to access a directory of my site with ssl. The
directory site pages
have been written in html without ssl.
To avoid the rewritting of all pages, I try to put the
following directives
in /etc/httpd/conf.d/ssl.conf
Location /test
RewriteEngineon
RewriteCond %{HTTPS} !=on
RewriteRule ^/home/httpd/html/telechargement/(.*)$
https://%{SERVER_NAME}/telechargement/$1 [R,L]
/Location
If I test http://machine.site/telechargement/fichier.html. The server
permanently loops .
I obtain the following messages in ssl_access_log :
143.196.30.134 - - [10/Dec/2002:11:00:22 +0100] GET
/test/compteftp.doc
HTTP/1.1 302 295
143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] GET
/test/compteftp.doc
HTTP/1.1 302 295
143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] GET
/test/compteftp.doc
HTTP/1.1 302 295
143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] GET
/test/compteftp.doc
HTTP/1.1 302 295
143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] GET
/test/compteftp.doc
HTTP/1.1 302 295
143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] GET
/test/compteftp.doc
HTTP/1.1 302 295
143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] GET
/test/compteftp.doc
HTTP/1.1 302 295
143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] GET
/test/compteftp.doc
HTTP/1.1 302 295
143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] GET
/test/compteftp.doc
HTTP/1.1 302 295
143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] GET
/test/compteftp.doc
HTTP/1.1 302 295
143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] GET
/test/compteftp.doc
HTTP/1.1 302 295
143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] GET
/test/compteftp.doc
HTTP/1.1 302 295
I read a lot of archives of the mail and the faq of apache. I have seen
that a lot of solutions for this matter has been
found with apache 1.3.*. So i compile apache_1.3.27 with
mod-ssl_2.8.12 on
the same PC. I test this server with the same config and it works fine.
Does anyone know where the problem is?
Regards
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
POST with mod_ssl intermittently fails with a 405
Hello,
I've got an self-built Apache on a RedHat 7.3 Linux box with Apache/2.0.43,
mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22
Every so often a PHP page is called with a POST request to send data to the
server. The whole server area is protected via the following settings in
ssl.conf:
Directory /var/www/html/ca
Options Indexes FollowSymLinks ExecCGI
DirectoryIndex index.php index.cgi
SSLOptions FakeBasicAuth ExportCertData CompatEnvVars StrictRequire StdEnvVars
OptRenegotiate
SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 4
SSLRequire ( \
%{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
%{SSL_CLIENT_I_DN_CN} eq my CA )
AuthzLDAPEngine on
AuthzLDAPAuthoritative on
AuthzLDAPServer localhost:389
AuthzLDAPBindDN cn=manager,dc=mydomain,dc=com
AuthzLDAPBindPassword terriblysecret
AuthzLDAPUseCertificate on
AuthzLDAPSetAuthorization on
AuthzLDAPUseSerial on
AuthzLDAPMapBaseou=AuthzLDAPCertmap,dc=mydomain,dc=com
AuthzLDAPMapScope subtree
AuthzLDAPLogLevel warn
AuthzLDAPCacheConnectionoff
AuthzLDAPCacheSize 0
AuthNameAuthzLDAP
AuthTypeBasic
/Directory
and with the following require in .htaccess of the same directory:
require user CN=Jan-Piet [EMAIL PROTECTED]
GET operations always work perfectly (BTW almost all resources are .PHP).
Once in a while a POST method is attempted which then sometimes fails (not
always). When it has failed, subsequent GET methods on different pages do
not work either. After a certain time which always differs, the GET will work
and the following POST also.
I've tried changing SSLSessionCache to `shm' and SSLMutex to `sem' thinking
it had something to do with it, but to no avail. The value of SSLSessionCacheTimeout
doesn't seem to matter either.
At the time of the failure, the logs have this in them:
error_log:
[Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43 (Unix) mod_ssl/2.0.43
OpenSSL/0.9.6b PHP/4.2.3 configured -- resuming normal operations
[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation in conjunction with POST
method not supported!
hint: try SSLOptions +OptRenegotiate
access_log:
10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] POST /ca/ra/upd.php HTTP/1.1 405
312
10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] GET /ca/ra/req.php HTTP/1.1 403 292
10.0.0.1 - CN=Jan-Piet [EMAIL PROTECTED] [17/Dec/2002:15:49:21
+0100] GET /ca/ra/req.php HTTP/1.1 200 4936
ssl_request_log:
[17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5 POST /ca/ra/upd.php
HTTP/1.1 312 s_dn=-, issuer=-
The clients are a mixture of Mozilla 1.2 and Internet Explorer 6.0 all
with a client cert issued by my CA. The issue affects both clients (Netscape
4.5 shows the same)
Can someone help me resolve this, please ?
Thank you very much.
Regards,
-JP
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
RE: POST with mod_ssl intermittently fails with a 405
Your openSSL libs are a bit old - there have been many important code
updates since 0.9.6b. In particular, the most recent update (0.9.6h)
fixed race condition bugs that were causing intermittent failures. Try
an upgrade first, I would advise...
Rgds,
Owen Boyle
-Original Message-
From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]]
Sent: Dienstag, 17. Dezember 2002 16:07
To: [EMAIL PROTECTED]
Subject: POST with mod_ssl intermittently fails with a 405
Hello,
I've got an self-built Apache on a RedHat 7.3 Linux box with
Apache/2.0.43,
mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22
Every so often a PHP page is called with a POST request to
send data to the
server. The whole server area is protected via the following
settings in
ssl.conf:
Directory /var/www/html/ca
Options Indexes FollowSymLinks ExecCGI
DirectoryIndex index.php index.cgi
SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
StrictRequire StdEnvVars OptRenegotiate
SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 4
SSLRequire ( \
%{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
%{SSL_CLIENT_I_DN_CN} eq my CA )
AuthzLDAPEngine on
AuthzLDAPAuthoritative on
AuthzLDAPServer localhost:389
AuthzLDAPBindDN cn=manager,dc=mydomain,dc=com
AuthzLDAPBindPassword terriblysecret
AuthzLDAPUseCertificate on
AuthzLDAPSetAuthorization on
AuthzLDAPUseSerial on
AuthzLDAPMapBase
ou=AuthzLDAPCertmap,dc=mydomain,dc=com
AuthzLDAPMapScope subtree
AuthzLDAPLogLevel warn
AuthzLDAPCacheConnectionoff
AuthzLDAPCacheSize 0
AuthNameAuthzLDAP
AuthTypeBasic
/Directory
and with the following require in .htaccess of the same directory:
require user CN=Jan-Piet [EMAIL PROTECTED]
GET operations always work perfectly (BTW almost all resources
are .PHP).
Once in a while a POST method is attempted which then
sometimes fails (not
always). When it has failed, subsequent GET methods on
different pages do
not work either. After a certain time which always differs,
the GET will work
and the following POST also.
I've tried changing SSLSessionCache to `shm' and SSLMutex to
`sem' thinking
it had something to do with it, but to no avail. The value of
SSLSessionCacheTimeout
doesn't seem to matter either.
At the time of the failure, the logs have this in them:
error_log:
[Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
resuming normal operations
[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
in conjunction with POST method not supported!
hint: try SSLOptions +OptRenegotiate
access_log:
10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] POST
/ca/ra/upd.php HTTP/1.1 405 312
10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] GET
/ca/ra/req.php HTTP/1.1 403 292
10.0.0.1 - CN=Jan-Piet [EMAIL PROTECTED]
[17/Dec/2002:15:49:21 +0100] GET /ca/ra/req.php HTTP/1.1 200 4936
ssl_request_log:
[17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
POST /ca/ra/upd.php HTTP/1.1 312 s_dn=-, issuer=-
The clients are a mixture of Mozilla 1.2 and Internet Explorer 6.0 all
with a client cert issued by my CA. The issue affects both
clients (Netscape
4.5 shows the same)
Can someone help me resolve this, please ?
Thank you very much.
Regards,
-JP
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List
RE: POST with mod_ssl intermittently fails with a 405
I've just re-read the original posters message, and it is possible that when
they say the system is self-built that they built an older version of
openssl. However, given what I've already said that is unlikely.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
I know it sounds cocky, but I honestly believe that one day there'll be a
telephone in every Town in America - Alexander Graham Bell
-Original Message-
From: Boyle Owen [mailto:[EMAIL PROTECTED]]
Sent: 17 December 2002 15:19
To: [EMAIL PROTECTED]
Subject: RE: POST with mod_ssl intermittently fails with a 405
Your openSSL libs are a bit old - there have been many important code
updates since 0.9.6b. In particular, the most recent update (0.9.6h)
fixed race condition bugs that were causing intermittent failures. Try
an upgrade first, I would advise...
Rgds,
Owen Boyle
-Original Message-
From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]]
Sent: Dienstag, 17. Dezember 2002 16:07
To: [EMAIL PROTECTED]
Subject: POST with mod_ssl intermittently fails with a 405
Hello,
I've got an self-built Apache on a RedHat 7.3 Linux box with
Apache/2.0.43,
mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22
Every so often a PHP page is called with a POST request to
send data to the
server. The whole server area is protected via the following
settings in
ssl.conf:
Directory /var/www/html/ca
Options Indexes FollowSymLinks ExecCGI
DirectoryIndex index.php index.cgi
SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
StrictRequire StdEnvVars OptRenegotiate
SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 4
SSLRequire ( \
%{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
%{SSL_CLIENT_I_DN_CN} eq my CA )
AuthzLDAPEngine on
AuthzLDAPAuthoritative on
AuthzLDAPServer localhost:389
AuthzLDAPBindDN
cn=manager,dc=mydomain,dc=com
AuthzLDAPBindPassword terriblysecret
AuthzLDAPUseCertificate on
AuthzLDAPSetAuthorization on
AuthzLDAPUseSerial on
AuthzLDAPMapBase
ou=AuthzLDAPCertmap,dc=mydomain,dc=com
AuthzLDAPMapScope subtree
AuthzLDAPLogLevel warn
AuthzLDAPCacheConnectionoff
AuthzLDAPCacheSize 0
AuthNameAuthzLDAP
AuthTypeBasic
/Directory
and with the following require in .htaccess of the same directory:
require user CN=Jan-Piet [EMAIL PROTECTED]
GET operations always work perfectly (BTW almost all resources
are .PHP).
Once in a while a POST method is attempted which then
sometimes fails (not
always). When it has failed, subsequent GET methods on
different pages do
not work either. After a certain time which always differs,
the GET will work
and the following POST also.
I've tried changing SSLSessionCache to `shm' and SSLMutex to
`sem' thinking
it had something to do with it, but to no avail. The value of
SSLSessionCacheTimeout
doesn't seem to matter either.
At the time of the failure, the logs have this in them:
error_log:
[Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
resuming normal operations
[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
in conjunction with POST method not supported!
hint: try SSLOptions +OptRenegotiate
access_log:
10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] POST
/ca/ra/upd.php HTTP/1.1 405 312
10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] GET
/ca/ra/req.php HTTP/1.1 403 292
10.0.0.1 - CN=Jan-Piet [EMAIL PROTECTED]
[17/Dec/2002:15:49:21 +0100] GET /ca/ra/req.php HTTP/1.1 200 4936
ssl_request_log:
[17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
POST /ca/ra/upd.php HTTP/1.1 312 s_dn=-, issuer=-
The clients are a mixture of Mozilla 1.2 and Internet
Explorer 6.0 all
with a client cert issued by my CA. The issue affects both
clients (Netscape
4.5 shows the same)
Can someone help me resolve this, please ?
Thank you very much.
Regards,
-JP
_
_
Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or
RE: POST with mod_ssl intermittently fails with a 405
It is just Apache PHP mod_authzldap that are self-built (i.e. compiled).
The rest of the system is a vanilla RedHat 7.3.
-JP
On Tue, 17 Dec 2002, [EMAIL PROTECTED] wrote:
I've just re-read the original posters message, and it is possible that when
they say the system is self-built that they built an older version of
openssl. However, given what I've already said that is unlikely.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
I know it sounds cocky, but I honestly believe that one day there'll be a
telephone in every Town in America - Alexander Graham Bell
-Original Message-
From: Boyle Owen [mailto:[EMAIL PROTECTED]]
Sent: 17 December 2002 15:19
To: [EMAIL PROTECTED]
Subject: RE: POST with mod_ssl intermittently fails with a 405
Your openSSL libs are a bit old - there have been many important code
updates since 0.9.6b. In particular, the most recent update (0.9.6h)
fixed race condition bugs that were causing intermittent failures. Try
an upgrade first, I would advise...
Rgds,
Owen Boyle
-Original Message-
From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]]
Sent: Dienstag, 17. Dezember 2002 16:07
To: [EMAIL PROTECTED]
Subject: POST with mod_ssl intermittently fails with a 405
Hello,
I've got an self-built Apache on a RedHat 7.3 Linux box with
Apache/2.0.43,
mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22
Every so often a PHP page is called with a POST request to
send data to the
server. The whole server area is protected via the following
settings in
ssl.conf:
Directory /var/www/html/ca
Options Indexes FollowSymLinks ExecCGI
DirectoryIndex index.php index.cgi
SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
StrictRequire StdEnvVars OptRenegotiate
SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 4
SSLRequire ( \
%{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
%{SSL_CLIENT_I_DN_CN} eq my CA )
AuthzLDAPEngine on
AuthzLDAPAuthoritative on
AuthzLDAPServer localhost:389
AuthzLDAPBindDN
cn=manager,dc=mydomain,dc=com
AuthzLDAPBindPassword terriblysecret
AuthzLDAPUseCertificate on
AuthzLDAPSetAuthorization on
AuthzLDAPUseSerial on
AuthzLDAPMapBase
ou=AuthzLDAPCertmap,dc=mydomain,dc=com
AuthzLDAPMapScope subtree
AuthzLDAPLogLevel warn
AuthzLDAPCacheConnectionoff
AuthzLDAPCacheSize 0
AuthNameAuthzLDAP
AuthTypeBasic
/Directory
and with the following require in .htaccess of the same directory:
require user CN=Jan-Piet [EMAIL PROTECTED]
GET operations always work perfectly (BTW almost all resources
are .PHP).
Once in a while a POST method is attempted which then
sometimes fails (not
always). When it has failed, subsequent GET methods on
different pages do
not work either. After a certain time which always differs,
the GET will work
and the following POST also.
I've tried changing SSLSessionCache to `shm' and SSLMutex to
`sem' thinking
it had something to do with it, but to no avail. The value of
SSLSessionCacheTimeout
doesn't seem to matter either.
At the time of the failure, the logs have this in them:
error_log:
[Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
resuming normal operations
[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
in conjunction with POST method not supported!
hint: try SSLOptions +OptRenegotiate
access_log:
10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] POST
/ca/ra/upd.php HTTP/1.1 405 312
10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] GET
/ca/ra/req.php HTTP/1.1 403 292
10.0.0.1 - CN=Jan-Piet [EMAIL PROTECTED]
[17/Dec/2002:15:49:21 +0100] GET /ca/ra/req.php HTTP/1.1 200 4936
ssl_request_log:
[17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
POST /ca/ra/upd.php HTTP/1.1 312 s_dn=-, issuer=-
The clients are a mixture of Mozilla 1.2 and Internet
Explorer 6.0 all
with a client cert issued by my CA. The issue affects both
clients (Netscape
4.5 shows the same)
Can someone help me resolve this, please ?
Thank you very much.
Regards,
-JP
_
_
Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List
RE: POST with mod_ssl intermittently fails with a 405
I've upgraded to 0.9.6h and recompiled Apache. No change. Still get the
hint in the error_log. Any other ideas ?
-JP
On Tue, 17 Dec 2002, Boyle Owen wrote:
Your openSSL libs are a bit old - there have been many important code
updates since 0.9.6b. In particular, the most recent update (0.9.6h)
fixed race condition bugs that were causing intermittent failures. Try
an upgrade first, I would advise...
Rgds,
Owen Boyle
-Original Message-
From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]]
Sent: Dienstag, 17. Dezember 2002 16:07
To: [EMAIL PROTECTED]
Subject: POST with mod_ssl intermittently fails with a 405
Hello,
I've got an self-built Apache on a RedHat 7.3 Linux box with
Apache/2.0.43,
mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22
Every so often a PHP page is called with a POST request to
send data to the
server. The whole server area is protected via the following
settings in
ssl.conf:
Directory /var/www/html/ca
Options Indexes FollowSymLinks ExecCGI
DirectoryIndex index.php index.cgi
SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
StrictRequire StdEnvVars OptRenegotiate
SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 4
SSLRequire ( \
%{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
%{SSL_CLIENT_I_DN_CN} eq my CA )
AuthzLDAPEngine on
AuthzLDAPAuthoritative on
AuthzLDAPServer localhost:389
AuthzLDAPBindDN cn=manager,dc=mydomain,dc=com
AuthzLDAPBindPassword terriblysecret
AuthzLDAPUseCertificate on
AuthzLDAPSetAuthorization on
AuthzLDAPUseSerial on
AuthzLDAPMapBase
ou=AuthzLDAPCertmap,dc=mydomain,dc=com
AuthzLDAPMapScope subtree
AuthzLDAPLogLevel warn
AuthzLDAPCacheConnectionoff
AuthzLDAPCacheSize 0
AuthNameAuthzLDAP
AuthTypeBasic
/Directory
and with the following require in .htaccess of the same directory:
require user CN=Jan-Piet [EMAIL PROTECTED]
GET operations always work perfectly (BTW almost all resources
are .PHP).
Once in a while a POST method is attempted which then
sometimes fails (not
always). When it has failed, subsequent GET methods on
different pages do
not work either. After a certain time which always differs,
the GET will work
and the following POST also.
I've tried changing SSLSessionCache to `shm' and SSLMutex to
`sem' thinking
it had something to do with it, but to no avail. The value of
SSLSessionCacheTimeout
doesn't seem to matter either.
At the time of the failure, the logs have this in them:
error_log:
[Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
resuming normal operations
[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
in conjunction with POST method not supported!
hint: try SSLOptions +OptRenegotiate
access_log:
10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] POST
/ca/ra/upd.php HTTP/1.1 405 312
10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] GET
/ca/ra/req.php HTTP/1.1 403 292
10.0.0.1 - CN=Jan-Piet [EMAIL PROTECTED]
[17/Dec/2002:15:49:21 +0100] GET /ca/ra/req.php HTTP/1.1 200 4936
ssl_request_log:
[17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
POST /ca/ra/upd.php HTTP/1.1 312 s_dn=-, issuer=-
The clients are a mixture of Mozilla 1.2 and Internet Explorer 6.0 all
with a client cert issued by my CA. The issue affects both
clients (Netscape
4.5 shows the same)
Can someone help me resolve this, please ?
Thank you very much.
Regards,
-JP
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to
RE: POST with mod_ssl intermittently fails with a 405
Sorry to be slow on the uptake. How big is your POST? I had an issue with
memory_limit, post_max_size and upload_max_filesize (all in /etc/php.ini).
If your POST is bigger than the limits within php, the script may give up.
This could be the cause of what you are seeing.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
I know it sounds cocky, but I honestly believe that one day there'll be a
telephone in every Town in America - Alexander Graham Bell (my paraphrase)
-Original Message-
From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]]
Sent: 17 December 2002 16:50
To: [EMAIL PROTECTED]
Subject: RE: POST with mod_ssl intermittently fails with a 405
I've upgraded to 0.9.6h and recompiled Apache. No change.
Still get the
hint in the error_log. Any other ideas ?
-JP
On Tue, 17 Dec 2002, Boyle Owen wrote:
Your openSSL libs are a bit old - there have been many
important code
updates since 0.9.6b. In particular, the most recent update (0.9.6h)
fixed race condition bugs that were causing intermittent
failures. Try
an upgrade first, I would advise...
Rgds,
Owen Boyle
-Original Message-
From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]]
Sent: Dienstag, 17. Dezember 2002 16:07
To: [EMAIL PROTECTED]
Subject: POST with mod_ssl intermittently fails with a 405
Hello,
I've got an self-built Apache on a RedHat 7.3 Linux box with
Apache/2.0.43,
mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22
Every so often a PHP page is called with a POST request to
send data to the
server. The whole server area is protected via the following
settings in
ssl.conf:
Directory /var/www/html/ca
Options Indexes FollowSymLinks ExecCGI
DirectoryIndex index.php index.cgi
SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
StrictRequire StdEnvVars OptRenegotiate
SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 4
SSLRequire ( \
%{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
%{SSL_CLIENT_I_DN_CN} eq my CA )
AuthzLDAPEngine on
AuthzLDAPAuthoritative on
AuthzLDAPServer localhost:389
AuthzLDAPBindDN
cn=manager,dc=mydomain,dc=com
AuthzLDAPBindPassword terriblysecret
AuthzLDAPUseCertificate on
AuthzLDAPSetAuthorization on
AuthzLDAPUseSerial on
AuthzLDAPMapBase
ou=AuthzLDAPCertmap,dc=mydomain,dc=com
AuthzLDAPMapScope subtree
AuthzLDAPLogLevel warn
AuthzLDAPCacheConnectionoff
AuthzLDAPCacheSize 0
AuthNameAuthzLDAP
AuthTypeBasic
/Directory
and with the following require in .htaccess of the same directory:
require user CN=Jan-Piet [EMAIL PROTECTED]
GET operations always work perfectly (BTW almost all resources
are .PHP).
Once in a while a POST method is attempted which then
sometimes fails (not
always). When it has failed, subsequent GET methods on
different pages do
not work either. After a certain time which always differs,
the GET will work
and the following POST also.
I've tried changing SSLSessionCache to `shm' and SSLMutex to
`sem' thinking
it had something to do with it, but to no avail. The value of
SSLSessionCacheTimeout
doesn't seem to matter either.
At the time of the failure, the logs have this in them:
error_log:
[Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
resuming normal operations
[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
in conjunction with POST method not supported!
hint: try SSLOptions +OptRenegotiate
access_log:
10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] POST
/ca/ra/upd.php HTTP/1.1 405 312
10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] GET
/ca/ra/req.php HTTP/1.1 403 292
10.0.0.1 - CN=Jan-Piet [EMAIL PROTECTED]
[17/Dec/2002:15:49:21 +0100] GET /ca/ra/req.php HTTP/1.1 200 4936
ssl_request_log:
[17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
POST /ca/ra/upd.php HTTP/1.1 312 s_dn=-, issuer=-
The clients are a mixture of Mozilla 1.2 and Internet
Explorer 6.0 all
with a client cert issued by my CA. The issue affects both
clients (Netscape
4.5 shows the same)
Can someone help me resolve this, please ?
Thank you very much.
Regards,
-JP
_
_
Apache Interface to OpenSSL (mod_ssl)
RE: POST with mod_ssl intermittently fails with a 405
Oops. I meant to say that you should have memory_limit twice
upload_max_filesize. I've had problem when they've both been the same.
John
-Original Message-
From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]]
Sent: 17 December 2002 16:50
To: [EMAIL PROTECTED]
Subject: RE: POST with mod_ssl intermittently fails with a 405
I've upgraded to 0.9.6h and recompiled Apache. No change.
Still get the
hint in the error_log. Any other ideas ?
-JP
On Tue, 17 Dec 2002, Boyle Owen wrote:
Your openSSL libs are a bit old - there have been many
important code
updates since 0.9.6b. In particular, the most recent update (0.9.6h)
fixed race condition bugs that were causing intermittent
failures. Try
an upgrade first, I would advise...
Rgds,
Owen Boyle
-Original Message-
From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]]
Sent: Dienstag, 17. Dezember 2002 16:07
To: [EMAIL PROTECTED]
Subject: POST with mod_ssl intermittently fails with a 405
Hello,
I've got an self-built Apache on a RedHat 7.3 Linux box with
Apache/2.0.43,
mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22
Every so often a PHP page is called with a POST request to
send data to the
server. The whole server area is protected via the following
settings in
ssl.conf:
Directory /var/www/html/ca
Options Indexes FollowSymLinks ExecCGI
DirectoryIndex index.php index.cgi
SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
StrictRequire StdEnvVars OptRenegotiate
SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 4
SSLRequire ( \
%{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
%{SSL_CLIENT_I_DN_CN} eq my CA )
AuthzLDAPEngine on
AuthzLDAPAuthoritative on
AuthzLDAPServer localhost:389
AuthzLDAPBindDN
cn=manager,dc=mydomain,dc=com
AuthzLDAPBindPassword terriblysecret
AuthzLDAPUseCertificate on
AuthzLDAPSetAuthorization on
AuthzLDAPUseSerial on
AuthzLDAPMapBase
ou=AuthzLDAPCertmap,dc=mydomain,dc=com
AuthzLDAPMapScope subtree
AuthzLDAPLogLevel warn
AuthzLDAPCacheConnectionoff
AuthzLDAPCacheSize 0
AuthNameAuthzLDAP
AuthTypeBasic
/Directory
and with the following require in .htaccess of the same directory:
require user CN=Jan-Piet [EMAIL PROTECTED]
GET operations always work perfectly (BTW almost all resources
are .PHP).
Once in a while a POST method is attempted which then
sometimes fails (not
always). When it has failed, subsequent GET methods on
different pages do
not work either. After a certain time which always differs,
the GET will work
and the following POST also.
I've tried changing SSLSessionCache to `shm' and SSLMutex to
`sem' thinking
it had something to do with it, but to no avail. The value of
SSLSessionCacheTimeout
doesn't seem to matter either.
At the time of the failure, the logs have this in them:
error_log:
[Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
resuming normal operations
[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
in conjunction with POST method not supported!
hint: try SSLOptions +OptRenegotiate
access_log:
10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] POST
/ca/ra/upd.php HTTP/1.1 405 312
10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] GET
/ca/ra/req.php HTTP/1.1 403 292
10.0.0.1 - CN=Jan-Piet [EMAIL PROTECTED]
[17/Dec/2002:15:49:21 +0100] GET /ca/ra/req.php HTTP/1.1 200 4936
ssl_request_log:
[17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
POST /ca/ra/upd.php HTTP/1.1 312 s_dn=-, issuer=-
The clients are a mixture of Mozilla 1.2 and Internet
Explorer 6.0 all
with a client cert issued by my CA. The issue affects both
clients (Netscape
4.5 shows the same)
Can someone help me resolve this, please ?
Thank you very much.
Regards,
-JP
_
_
Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
User Support Mailing List
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED]
This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any
mistransmission.
If you receive this message in error, please notify the
sender urgently
and then immediately delete the message and any copies of
it from
RE: POST with mod_ssl intermittently fails with a 405
I've got an upload_max_filesize = 2M and a memory_limit = 8M and I'm POSTing
10 fields of about 20 characters each! I'm using POST because there will
later be a file attached, but at the moment there isn't. So it can't really
be that, can it ?
-JP
On Tue, 17 Dec 2002, [EMAIL PROTECTED] wrote:
Oops. I meant to say that you should have memory_limit twice
upload_max_filesize. I've had problem when they've both been the same.
John
-Original Message-
From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]]
Sent: 17 December 2002 16:50
To: [EMAIL PROTECTED]
Subject: RE: POST with mod_ssl intermittently fails with a 405
I've upgraded to 0.9.6h and recompiled Apache. No change.
Still get the
hint in the error_log. Any other ideas ?
-JP
On Tue, 17 Dec 2002, Boyle Owen wrote:
Your openSSL libs are a bit old - there have been many
important code
updates since 0.9.6b. In particular, the most recent update (0.9.6h)
fixed race condition bugs that were causing intermittent
failures. Try
an upgrade first, I would advise...
Rgds,
Owen Boyle
-Original Message-
From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]]
Sent: Dienstag, 17. Dezember 2002 16:07
To: [EMAIL PROTECTED]
Subject: POST with mod_ssl intermittently fails with a 405
Hello,
I've got an self-built Apache on a RedHat 7.3 Linux box with
Apache/2.0.43,
mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22
Every so often a PHP page is called with a POST request to
send data to the
server. The whole server area is protected via the following
settings in
ssl.conf:
Directory /var/www/html/ca
Options Indexes FollowSymLinks ExecCGI
DirectoryIndex index.php index.cgi
SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
StrictRequire StdEnvVars OptRenegotiate
SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 4
SSLRequire ( \
%{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
%{SSL_CLIENT_I_DN_CN} eq my CA )
AuthzLDAPEngine on
AuthzLDAPAuthoritative on
AuthzLDAPServer localhost:389
AuthzLDAPBindDN
cn=manager,dc=mydomain,dc=com
AuthzLDAPBindPassword terriblysecret
AuthzLDAPUseCertificate on
AuthzLDAPSetAuthorization on
AuthzLDAPUseSerial on
AuthzLDAPMapBase
ou=AuthzLDAPCertmap,dc=mydomain,dc=com
AuthzLDAPMapScope subtree
AuthzLDAPLogLevel warn
AuthzLDAPCacheConnectionoff
AuthzLDAPCacheSize 0
AuthNameAuthzLDAP
AuthTypeBasic
/Directory
and with the following require in .htaccess of the same directory:
require user CN=Jan-Piet [EMAIL PROTECTED]
GET operations always work perfectly (BTW almost all resources
are .PHP).
Once in a while a POST method is attempted which then
sometimes fails (not
always). When it has failed, subsequent GET methods on
different pages do
not work either. After a certain time which always differs,
the GET will work
and the following POST also.
I've tried changing SSLSessionCache to `shm' and SSLMutex to
`sem' thinking
it had something to do with it, but to no avail. The value of
SSLSessionCacheTimeout
doesn't seem to matter either.
At the time of the failure, the logs have this in them:
error_log:
[Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
resuming normal operations
[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
in conjunction with POST method not supported!
hint: try SSLOptions +OptRenegotiate
access_log:
10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] POST
/ca/ra/upd.php HTTP/1.1 405 312
10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] GET
/ca/ra/req.php HTTP/1.1 403 292
10.0.0.1 - CN=Jan-Piet [EMAIL PROTECTED]
[17/Dec/2002:15:49:21 +0100] GET /ca/ra/req.php HTTP/1.1 200 4936
ssl_request_log:
[17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
POST /ca/ra/upd.php HTTP/1.1 312 s_dn=-, issuer=-
The clients are a mixture of Mozilla 1.2 and Internet
Explorer 6.0 all
with a client cert issued by my CA. The issue affects both
clients (Netscape
4.5 shows the same)
Can someone help me resolve this, please ?
Thank you very much.
Regards,
-JP
_
_
Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
User Support Mailing List
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED]
This message is
Ilya Birman/US/ABNAMRO/NL is out of the office.
I will be out of the office starting 12/17/2002 and will not return until 01/08/2003. I am out of the office on vacation from Dec 17, 2002, returning January 8, 2003. In case of emergency please contact UNIX shift pager at [EMAIL PROTECTED] Ilya. --- This message (including any attachments) is confidential and may be privileged. If you have received it by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorised use or dissemination of this message in whole or in part is strictly prohibited. Please note that e-mails are susceptible to change. ABN AMRO Bank N.V. (including its group companies) shall not be liable for the improper or incomplete transmission of the information contained in this communication nor for any delay in its receipt or damage to your system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that the integrity of this communication has been maintained nor that this communication is free of viruses, interceptions or interference. --- __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
