SSL internal server errors
hi all, i have been encountering a pretty strange problem on my webserver since i caught the slapper work a few weeks ago. all https connections to cgi scripts produce an internal server error sometimes together will this message in the log file: OpenSSL: error:1406B458:SSL routines:GET_CLIENT_MASTER_KEY:key arg too long after some research and consultation with support staff from thawtee, my certificate issuer, i was told that i have to have my certificate reissued as the worm has corrupted it. i have replaced the certificate with the brand new one i ordered but i still have the same problems. i also tried disabling SSLv2 but to no avail. static pages work fine under https and the cgi scripts that fail under https work fine under http. i have upgraded all relevant software and removed the worm. does anyone else have the same problem or any clue on what could be causing it? my setup is redhat 7.3 with: apache 1.3.27 + mod_ssl 2.8.12 + openssl 0.9.6b any help will be greatly appreciated. many thanks giorgos __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Mod_ssl and apache 2.0.40
It is an obvious loop. Why are you suprised that this loops? Please provide: 1) Example of incoming URL 2) What you want it to translate to Rgds, Owen Boyle -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Montag, 16. Dezember 2002 15:32 To: [EMAIL PROTECTED] Subject: Mod_ssl and apache 2.0.40 Hello, I install on a PC linux redhat 8.0 a web server apache 2.0.40 and mod ssl 0.9.6b (configuration include in redhat 8.0) I want to access a directory of my site with ssl. The directory site pages have been written in html without ssl. To avoid the rewritting of all pages, I try to put the following directives in /etc/httpd/conf.d/ssl.conf Location /test RewriteEngineon RewriteCond %{HTTPS} !=on RewriteRule ^/home/httpd/html/telechargement/(.*)$ https://%{SERVER_NAME}/telechargement/$1 [R,L] /Location If I test http://machine.site/telechargement/fichier.html. The server permanently loops . I obtain the following messages in ssl_access_log : 143.196.30.134 - - [10/Dec/2002:11:00:22 +0100] GET /test/compteftp.doc HTTP/1.1 302 295 143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] GET /test/compteftp.doc HTTP/1.1 302 295 143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] GET /test/compteftp.doc HTTP/1.1 302 295 143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] GET /test/compteftp.doc HTTP/1.1 302 295 143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] GET /test/compteftp.doc HTTP/1.1 302 295 143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] GET /test/compteftp.doc HTTP/1.1 302 295 143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] GET /test/compteftp.doc HTTP/1.1 302 295 143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] GET /test/compteftp.doc HTTP/1.1 302 295 143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] GET /test/compteftp.doc HTTP/1.1 302 295 143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] GET /test/compteftp.doc HTTP/1.1 302 295 143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] GET /test/compteftp.doc HTTP/1.1 302 295 143.196.30.134 - - [10/Dec/2002:11:00:23 +0100] GET /test/compteftp.doc HTTP/1.1 302 295 I read a lot of archives of the mail and the faq of apache. I have seen that a lot of solutions for this matter has been found with apache 1.3.*. So i compile apache_1.3.27 with mod-ssl_2.8.12 on the same PC. I test this server with the same config and it works fine. Does anyone know where the problem is? Regards __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
POST with mod_ssl intermittently fails with a 405
Hello, I've got an self-built Apache on a RedHat 7.3 Linux box with Apache/2.0.43, mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22 Every so often a PHP page is called with a POST request to send data to the server. The whole server area is protected via the following settings in ssl.conf: Directory /var/www/html/ca Options Indexes FollowSymLinks ExecCGI DirectoryIndex index.php index.cgi SSLOptions FakeBasicAuth ExportCertData CompatEnvVars StrictRequire StdEnvVars OptRenegotiate SSLRequireSSL SSLVerifyClient require SSLVerifyDepth 4 SSLRequire ( \ %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \ %{SSL_CLIENT_I_DN_CN} eq my CA ) AuthzLDAPEngine on AuthzLDAPAuthoritative on AuthzLDAPServer localhost:389 AuthzLDAPBindDN cn=manager,dc=mydomain,dc=com AuthzLDAPBindPassword terriblysecret AuthzLDAPUseCertificate on AuthzLDAPSetAuthorization on AuthzLDAPUseSerial on AuthzLDAPMapBaseou=AuthzLDAPCertmap,dc=mydomain,dc=com AuthzLDAPMapScope subtree AuthzLDAPLogLevel warn AuthzLDAPCacheConnectionoff AuthzLDAPCacheSize 0 AuthNameAuthzLDAP AuthTypeBasic /Directory and with the following require in .htaccess of the same directory: require user CN=Jan-Piet [EMAIL PROTECTED] GET operations always work perfectly (BTW almost all resources are .PHP). Once in a while a POST method is attempted which then sometimes fails (not always). When it has failed, subsequent GET methods on different pages do not work either. After a certain time which always differs, the GET will work and the following POST also. I've tried changing SSLSessionCache to `shm' and SSLMutex to `sem' thinking it had something to do with it, but to no avail. The value of SSLSessionCacheTimeout doesn't seem to matter either. At the time of the failure, the logs have this in them: error_log: [Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured -- resuming normal operations [Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation in conjunction with POST method not supported! hint: try SSLOptions +OptRenegotiate access_log: 10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] POST /ca/ra/upd.php HTTP/1.1 405 312 10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] GET /ca/ra/req.php HTTP/1.1 403 292 10.0.0.1 - CN=Jan-Piet [EMAIL PROTECTED] [17/Dec/2002:15:49:21 +0100] GET /ca/ra/req.php HTTP/1.1 200 4936 ssl_request_log: [17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5 POST /ca/ra/upd.php HTTP/1.1 312 s_dn=-, issuer=- The clients are a mixture of Mozilla 1.2 and Internet Explorer 6.0 all with a client cert issued by my CA. The issue affects both clients (Netscape 4.5 shows the same) Can someone help me resolve this, please ? Thank you very much. Regards, -JP __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: POST with mod_ssl intermittently fails with a 405
Your openSSL libs are a bit old - there have been many important code updates since 0.9.6b. In particular, the most recent update (0.9.6h) fixed race condition bugs that were causing intermittent failures. Try an upgrade first, I would advise... Rgds, Owen Boyle -Original Message- From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]] Sent: Dienstag, 17. Dezember 2002 16:07 To: [EMAIL PROTECTED] Subject: POST with mod_ssl intermittently fails with a 405 Hello, I've got an self-built Apache on a RedHat 7.3 Linux box with Apache/2.0.43, mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22 Every so often a PHP page is called with a POST request to send data to the server. The whole server area is protected via the following settings in ssl.conf: Directory /var/www/html/ca Options Indexes FollowSymLinks ExecCGI DirectoryIndex index.php index.cgi SSLOptions FakeBasicAuth ExportCertData CompatEnvVars StrictRequire StdEnvVars OptRenegotiate SSLRequireSSL SSLVerifyClient require SSLVerifyDepth 4 SSLRequire ( \ %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \ %{SSL_CLIENT_I_DN_CN} eq my CA ) AuthzLDAPEngine on AuthzLDAPAuthoritative on AuthzLDAPServer localhost:389 AuthzLDAPBindDN cn=manager,dc=mydomain,dc=com AuthzLDAPBindPassword terriblysecret AuthzLDAPUseCertificate on AuthzLDAPSetAuthorization on AuthzLDAPUseSerial on AuthzLDAPMapBase ou=AuthzLDAPCertmap,dc=mydomain,dc=com AuthzLDAPMapScope subtree AuthzLDAPLogLevel warn AuthzLDAPCacheConnectionoff AuthzLDAPCacheSize 0 AuthNameAuthzLDAP AuthTypeBasic /Directory and with the following require in .htaccess of the same directory: require user CN=Jan-Piet [EMAIL PROTECTED] GET operations always work perfectly (BTW almost all resources are .PHP). Once in a while a POST method is attempted which then sometimes fails (not always). When it has failed, subsequent GET methods on different pages do not work either. After a certain time which always differs, the GET will work and the following POST also. I've tried changing SSLSessionCache to `shm' and SSLMutex to `sem' thinking it had something to do with it, but to no avail. The value of SSLSessionCacheTimeout doesn't seem to matter either. At the time of the failure, the logs have this in them: error_log: [Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured -- resuming normal operations [Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation in conjunction with POST method not supported! hint: try SSLOptions +OptRenegotiate access_log: 10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] POST /ca/ra/upd.php HTTP/1.1 405 312 10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] GET /ca/ra/req.php HTTP/1.1 403 292 10.0.0.1 - CN=Jan-Piet [EMAIL PROTECTED] [17/Dec/2002:15:49:21 +0100] GET /ca/ra/req.php HTTP/1.1 200 4936 ssl_request_log: [17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5 POST /ca/ra/upd.php HTTP/1.1 312 s_dn=-, issuer=- The clients are a mixture of Mozilla 1.2 and Internet Explorer 6.0 all with a client cert issued by my CA. The issue affects both clients (Netscape 4.5 shows the same) Can someone help me resolve this, please ? Thank you very much. Regards, -JP __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List
RE: POST with mod_ssl intermittently fails with a 405
I've just re-read the original posters message, and it is possible that when they say the system is self-built that they built an older version of openssl. However, given what I've already said that is unlikely. - John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] I know it sounds cocky, but I honestly believe that one day there'll be a telephone in every Town in America - Alexander Graham Bell -Original Message- From: Boyle Owen [mailto:[EMAIL PROTECTED]] Sent: 17 December 2002 15:19 To: [EMAIL PROTECTED] Subject: RE: POST with mod_ssl intermittently fails with a 405 Your openSSL libs are a bit old - there have been many important code updates since 0.9.6b. In particular, the most recent update (0.9.6h) fixed race condition bugs that were causing intermittent failures. Try an upgrade first, I would advise... Rgds, Owen Boyle -Original Message- From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]] Sent: Dienstag, 17. Dezember 2002 16:07 To: [EMAIL PROTECTED] Subject: POST with mod_ssl intermittently fails with a 405 Hello, I've got an self-built Apache on a RedHat 7.3 Linux box with Apache/2.0.43, mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22 Every so often a PHP page is called with a POST request to send data to the server. The whole server area is protected via the following settings in ssl.conf: Directory /var/www/html/ca Options Indexes FollowSymLinks ExecCGI DirectoryIndex index.php index.cgi SSLOptions FakeBasicAuth ExportCertData CompatEnvVars StrictRequire StdEnvVars OptRenegotiate SSLRequireSSL SSLVerifyClient require SSLVerifyDepth 4 SSLRequire ( \ %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \ %{SSL_CLIENT_I_DN_CN} eq my CA ) AuthzLDAPEngine on AuthzLDAPAuthoritative on AuthzLDAPServer localhost:389 AuthzLDAPBindDN cn=manager,dc=mydomain,dc=com AuthzLDAPBindPassword terriblysecret AuthzLDAPUseCertificate on AuthzLDAPSetAuthorization on AuthzLDAPUseSerial on AuthzLDAPMapBase ou=AuthzLDAPCertmap,dc=mydomain,dc=com AuthzLDAPMapScope subtree AuthzLDAPLogLevel warn AuthzLDAPCacheConnectionoff AuthzLDAPCacheSize 0 AuthNameAuthzLDAP AuthTypeBasic /Directory and with the following require in .htaccess of the same directory: require user CN=Jan-Piet [EMAIL PROTECTED] GET operations always work perfectly (BTW almost all resources are .PHP). Once in a while a POST method is attempted which then sometimes fails (not always). When it has failed, subsequent GET methods on different pages do not work either. After a certain time which always differs, the GET will work and the following POST also. I've tried changing SSLSessionCache to `shm' and SSLMutex to `sem' thinking it had something to do with it, but to no avail. The value of SSLSessionCacheTimeout doesn't seem to matter either. At the time of the failure, the logs have this in them: error_log: [Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured -- resuming normal operations [Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation in conjunction with POST method not supported! hint: try SSLOptions +OptRenegotiate access_log: 10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] POST /ca/ra/upd.php HTTP/1.1 405 312 10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] GET /ca/ra/req.php HTTP/1.1 403 292 10.0.0.1 - CN=Jan-Piet [EMAIL PROTECTED] [17/Dec/2002:15:49:21 +0100] GET /ca/ra/req.php HTTP/1.1 200 4936 ssl_request_log: [17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5 POST /ca/ra/upd.php HTTP/1.1 312 s_dn=-, issuer=- The clients are a mixture of Mozilla 1.2 and Internet Explorer 6.0 all with a client cert issued by my CA. The issue affects both clients (Netscape 4.5 shows the same) Can someone help me resolve this, please ? Thank you very much. Regards, -JP _ _ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or
RE: POST with mod_ssl intermittently fails with a 405
It is just Apache PHP mod_authzldap that are self-built (i.e. compiled). The rest of the system is a vanilla RedHat 7.3. -JP On Tue, 17 Dec 2002, [EMAIL PROTECTED] wrote: I've just re-read the original posters message, and it is possible that when they say the system is self-built that they built an older version of openssl. However, given what I've already said that is unlikely. - John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] I know it sounds cocky, but I honestly believe that one day there'll be a telephone in every Town in America - Alexander Graham Bell -Original Message- From: Boyle Owen [mailto:[EMAIL PROTECTED]] Sent: 17 December 2002 15:19 To: [EMAIL PROTECTED] Subject: RE: POST with mod_ssl intermittently fails with a 405 Your openSSL libs are a bit old - there have been many important code updates since 0.9.6b. In particular, the most recent update (0.9.6h) fixed race condition bugs that were causing intermittent failures. Try an upgrade first, I would advise... Rgds, Owen Boyle -Original Message- From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]] Sent: Dienstag, 17. Dezember 2002 16:07 To: [EMAIL PROTECTED] Subject: POST with mod_ssl intermittently fails with a 405 Hello, I've got an self-built Apache on a RedHat 7.3 Linux box with Apache/2.0.43, mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22 Every so often a PHP page is called with a POST request to send data to the server. The whole server area is protected via the following settings in ssl.conf: Directory /var/www/html/ca Options Indexes FollowSymLinks ExecCGI DirectoryIndex index.php index.cgi SSLOptions FakeBasicAuth ExportCertData CompatEnvVars StrictRequire StdEnvVars OptRenegotiate SSLRequireSSL SSLVerifyClient require SSLVerifyDepth 4 SSLRequire ( \ %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \ %{SSL_CLIENT_I_DN_CN} eq my CA ) AuthzLDAPEngine on AuthzLDAPAuthoritative on AuthzLDAPServer localhost:389 AuthzLDAPBindDN cn=manager,dc=mydomain,dc=com AuthzLDAPBindPassword terriblysecret AuthzLDAPUseCertificate on AuthzLDAPSetAuthorization on AuthzLDAPUseSerial on AuthzLDAPMapBase ou=AuthzLDAPCertmap,dc=mydomain,dc=com AuthzLDAPMapScope subtree AuthzLDAPLogLevel warn AuthzLDAPCacheConnectionoff AuthzLDAPCacheSize 0 AuthNameAuthzLDAP AuthTypeBasic /Directory and with the following require in .htaccess of the same directory: require user CN=Jan-Piet [EMAIL PROTECTED] GET operations always work perfectly (BTW almost all resources are .PHP). Once in a while a POST method is attempted which then sometimes fails (not always). When it has failed, subsequent GET methods on different pages do not work either. After a certain time which always differs, the GET will work and the following POST also. I've tried changing SSLSessionCache to `shm' and SSLMutex to `sem' thinking it had something to do with it, but to no avail. The value of SSLSessionCacheTimeout doesn't seem to matter either. At the time of the failure, the logs have this in them: error_log: [Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured -- resuming normal operations [Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation in conjunction with POST method not supported! hint: try SSLOptions +OptRenegotiate access_log: 10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] POST /ca/ra/upd.php HTTP/1.1 405 312 10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] GET /ca/ra/req.php HTTP/1.1 403 292 10.0.0.1 - CN=Jan-Piet [EMAIL PROTECTED] [17/Dec/2002:15:49:21 +0100] GET /ca/ra/req.php HTTP/1.1 200 4936 ssl_request_log: [17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5 POST /ca/ra/upd.php HTTP/1.1 312 s_dn=-, issuer=- The clients are a mixture of Mozilla 1.2 and Internet Explorer 6.0 all with a client cert issued by my CA. The issue affects both clients (Netscape 4.5 shows the same) Can someone help me resolve this, please ? Thank you very much. Regards, -JP _ _ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List
RE: POST with mod_ssl intermittently fails with a 405
I've upgraded to 0.9.6h and recompiled Apache. No change. Still get the hint in the error_log. Any other ideas ? -JP On Tue, 17 Dec 2002, Boyle Owen wrote: Your openSSL libs are a bit old - there have been many important code updates since 0.9.6b. In particular, the most recent update (0.9.6h) fixed race condition bugs that were causing intermittent failures. Try an upgrade first, I would advise... Rgds, Owen Boyle -Original Message- From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]] Sent: Dienstag, 17. Dezember 2002 16:07 To: [EMAIL PROTECTED] Subject: POST with mod_ssl intermittently fails with a 405 Hello, I've got an self-built Apache on a RedHat 7.3 Linux box with Apache/2.0.43, mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22 Every so often a PHP page is called with a POST request to send data to the server. The whole server area is protected via the following settings in ssl.conf: Directory /var/www/html/ca Options Indexes FollowSymLinks ExecCGI DirectoryIndex index.php index.cgi SSLOptions FakeBasicAuth ExportCertData CompatEnvVars StrictRequire StdEnvVars OptRenegotiate SSLRequireSSL SSLVerifyClient require SSLVerifyDepth 4 SSLRequire ( \ %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \ %{SSL_CLIENT_I_DN_CN} eq my CA ) AuthzLDAPEngine on AuthzLDAPAuthoritative on AuthzLDAPServer localhost:389 AuthzLDAPBindDN cn=manager,dc=mydomain,dc=com AuthzLDAPBindPassword terriblysecret AuthzLDAPUseCertificate on AuthzLDAPSetAuthorization on AuthzLDAPUseSerial on AuthzLDAPMapBase ou=AuthzLDAPCertmap,dc=mydomain,dc=com AuthzLDAPMapScope subtree AuthzLDAPLogLevel warn AuthzLDAPCacheConnectionoff AuthzLDAPCacheSize 0 AuthNameAuthzLDAP AuthTypeBasic /Directory and with the following require in .htaccess of the same directory: require user CN=Jan-Piet [EMAIL PROTECTED] GET operations always work perfectly (BTW almost all resources are .PHP). Once in a while a POST method is attempted which then sometimes fails (not always). When it has failed, subsequent GET methods on different pages do not work either. After a certain time which always differs, the GET will work and the following POST also. I've tried changing SSLSessionCache to `shm' and SSLMutex to `sem' thinking it had something to do with it, but to no avail. The value of SSLSessionCacheTimeout doesn't seem to matter either. At the time of the failure, the logs have this in them: error_log: [Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured -- resuming normal operations [Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation in conjunction with POST method not supported! hint: try SSLOptions +OptRenegotiate access_log: 10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] POST /ca/ra/upd.php HTTP/1.1 405 312 10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] GET /ca/ra/req.php HTTP/1.1 403 292 10.0.0.1 - CN=Jan-Piet [EMAIL PROTECTED] [17/Dec/2002:15:49:21 +0100] GET /ca/ra/req.php HTTP/1.1 200 4936 ssl_request_log: [17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5 POST /ca/ra/upd.php HTTP/1.1 312 s_dn=-, issuer=- The clients are a mixture of Mozilla 1.2 and Internet Explorer 6.0 all with a client cert issued by my CA. The issue affects both clients (Netscape 4.5 shows the same) Can someone help me resolve this, please ? Thank you very much. Regards, -JP __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to
RE: POST with mod_ssl intermittently fails with a 405
Sorry to be slow on the uptake. How big is your POST? I had an issue with memory_limit, post_max_size and upload_max_filesize (all in /etc/php.ini). If your POST is bigger than the limits within php, the script may give up. This could be the cause of what you are seeing. - John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] I know it sounds cocky, but I honestly believe that one day there'll be a telephone in every Town in America - Alexander Graham Bell (my paraphrase) -Original Message- From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]] Sent: 17 December 2002 16:50 To: [EMAIL PROTECTED] Subject: RE: POST with mod_ssl intermittently fails with a 405 I've upgraded to 0.9.6h and recompiled Apache. No change. Still get the hint in the error_log. Any other ideas ? -JP On Tue, 17 Dec 2002, Boyle Owen wrote: Your openSSL libs are a bit old - there have been many important code updates since 0.9.6b. In particular, the most recent update (0.9.6h) fixed race condition bugs that were causing intermittent failures. Try an upgrade first, I would advise... Rgds, Owen Boyle -Original Message- From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]] Sent: Dienstag, 17. Dezember 2002 16:07 To: [EMAIL PROTECTED] Subject: POST with mod_ssl intermittently fails with a 405 Hello, I've got an self-built Apache on a RedHat 7.3 Linux box with Apache/2.0.43, mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22 Every so often a PHP page is called with a POST request to send data to the server. The whole server area is protected via the following settings in ssl.conf: Directory /var/www/html/ca Options Indexes FollowSymLinks ExecCGI DirectoryIndex index.php index.cgi SSLOptions FakeBasicAuth ExportCertData CompatEnvVars StrictRequire StdEnvVars OptRenegotiate SSLRequireSSL SSLVerifyClient require SSLVerifyDepth 4 SSLRequire ( \ %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \ %{SSL_CLIENT_I_DN_CN} eq my CA ) AuthzLDAPEngine on AuthzLDAPAuthoritative on AuthzLDAPServer localhost:389 AuthzLDAPBindDN cn=manager,dc=mydomain,dc=com AuthzLDAPBindPassword terriblysecret AuthzLDAPUseCertificate on AuthzLDAPSetAuthorization on AuthzLDAPUseSerial on AuthzLDAPMapBase ou=AuthzLDAPCertmap,dc=mydomain,dc=com AuthzLDAPMapScope subtree AuthzLDAPLogLevel warn AuthzLDAPCacheConnectionoff AuthzLDAPCacheSize 0 AuthNameAuthzLDAP AuthTypeBasic /Directory and with the following require in .htaccess of the same directory: require user CN=Jan-Piet [EMAIL PROTECTED] GET operations always work perfectly (BTW almost all resources are .PHP). Once in a while a POST method is attempted which then sometimes fails (not always). When it has failed, subsequent GET methods on different pages do not work either. After a certain time which always differs, the GET will work and the following POST also. I've tried changing SSLSessionCache to `shm' and SSLMutex to `sem' thinking it had something to do with it, but to no avail. The value of SSLSessionCacheTimeout doesn't seem to matter either. At the time of the failure, the logs have this in them: error_log: [Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured -- resuming normal operations [Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation in conjunction with POST method not supported! hint: try SSLOptions +OptRenegotiate access_log: 10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] POST /ca/ra/upd.php HTTP/1.1 405 312 10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] GET /ca/ra/req.php HTTP/1.1 403 292 10.0.0.1 - CN=Jan-Piet [EMAIL PROTECTED] [17/Dec/2002:15:49:21 +0100] GET /ca/ra/req.php HTTP/1.1 200 4936 ssl_request_log: [17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5 POST /ca/ra/upd.php HTTP/1.1 312 s_dn=-, issuer=- The clients are a mixture of Mozilla 1.2 and Internet Explorer 6.0 all with a client cert issued by my CA. The issue affects both clients (Netscape 4.5 shows the same) Can someone help me resolve this, please ? Thank you very much. Regards, -JP _ _ Apache Interface to OpenSSL (mod_ssl)
RE: POST with mod_ssl intermittently fails with a 405
Oops. I meant to say that you should have memory_limit twice upload_max_filesize. I've had problem when they've both been the same. John -Original Message- From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]] Sent: 17 December 2002 16:50 To: [EMAIL PROTECTED] Subject: RE: POST with mod_ssl intermittently fails with a 405 I've upgraded to 0.9.6h and recompiled Apache. No change. Still get the hint in the error_log. Any other ideas ? -JP On Tue, 17 Dec 2002, Boyle Owen wrote: Your openSSL libs are a bit old - there have been many important code updates since 0.9.6b. In particular, the most recent update (0.9.6h) fixed race condition bugs that were causing intermittent failures. Try an upgrade first, I would advise... Rgds, Owen Boyle -Original Message- From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]] Sent: Dienstag, 17. Dezember 2002 16:07 To: [EMAIL PROTECTED] Subject: POST with mod_ssl intermittently fails with a 405 Hello, I've got an self-built Apache on a RedHat 7.3 Linux box with Apache/2.0.43, mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22 Every so often a PHP page is called with a POST request to send data to the server. The whole server area is protected via the following settings in ssl.conf: Directory /var/www/html/ca Options Indexes FollowSymLinks ExecCGI DirectoryIndex index.php index.cgi SSLOptions FakeBasicAuth ExportCertData CompatEnvVars StrictRequire StdEnvVars OptRenegotiate SSLRequireSSL SSLVerifyClient require SSLVerifyDepth 4 SSLRequire ( \ %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \ %{SSL_CLIENT_I_DN_CN} eq my CA ) AuthzLDAPEngine on AuthzLDAPAuthoritative on AuthzLDAPServer localhost:389 AuthzLDAPBindDN cn=manager,dc=mydomain,dc=com AuthzLDAPBindPassword terriblysecret AuthzLDAPUseCertificate on AuthzLDAPSetAuthorization on AuthzLDAPUseSerial on AuthzLDAPMapBase ou=AuthzLDAPCertmap,dc=mydomain,dc=com AuthzLDAPMapScope subtree AuthzLDAPLogLevel warn AuthzLDAPCacheConnectionoff AuthzLDAPCacheSize 0 AuthNameAuthzLDAP AuthTypeBasic /Directory and with the following require in .htaccess of the same directory: require user CN=Jan-Piet [EMAIL PROTECTED] GET operations always work perfectly (BTW almost all resources are .PHP). Once in a while a POST method is attempted which then sometimes fails (not always). When it has failed, subsequent GET methods on different pages do not work either. After a certain time which always differs, the GET will work and the following POST also. I've tried changing SSLSessionCache to `shm' and SSLMutex to `sem' thinking it had something to do with it, but to no avail. The value of SSLSessionCacheTimeout doesn't seem to matter either. At the time of the failure, the logs have this in them: error_log: [Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured -- resuming normal operations [Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation in conjunction with POST method not supported! hint: try SSLOptions +OptRenegotiate access_log: 10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] POST /ca/ra/upd.php HTTP/1.1 405 312 10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] GET /ca/ra/req.php HTTP/1.1 403 292 10.0.0.1 - CN=Jan-Piet [EMAIL PROTECTED] [17/Dec/2002:15:49:21 +0100] GET /ca/ra/req.php HTTP/1.1 200 4936 ssl_request_log: [17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5 POST /ca/ra/upd.php HTTP/1.1 312 s_dn=-, issuer=- The clients are a mixture of Mozilla 1.2 and Internet Explorer 6.0 all with a client cert issued by my CA. The issue affects both clients (Netscape 4.5 shows the same) Can someone help me resolve this, please ? Thank you very much. Regards, -JP _ _ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from
RE: POST with mod_ssl intermittently fails with a 405
I've got an upload_max_filesize = 2M and a memory_limit = 8M and I'm POSTing 10 fields of about 20 characters each! I'm using POST because there will later be a file attached, but at the moment there isn't. So it can't really be that, can it ? -JP On Tue, 17 Dec 2002, [EMAIL PROTECTED] wrote: Oops. I meant to say that you should have memory_limit twice upload_max_filesize. I've had problem when they've both been the same. John -Original Message- From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]] Sent: 17 December 2002 16:50 To: [EMAIL PROTECTED] Subject: RE: POST with mod_ssl intermittently fails with a 405 I've upgraded to 0.9.6h and recompiled Apache. No change. Still get the hint in the error_log. Any other ideas ? -JP On Tue, 17 Dec 2002, Boyle Owen wrote: Your openSSL libs are a bit old - there have been many important code updates since 0.9.6b. In particular, the most recent update (0.9.6h) fixed race condition bugs that were causing intermittent failures. Try an upgrade first, I would advise... Rgds, Owen Boyle -Original Message- From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]] Sent: Dienstag, 17. Dezember 2002 16:07 To: [EMAIL PROTECTED] Subject: POST with mod_ssl intermittently fails with a 405 Hello, I've got an self-built Apache on a RedHat 7.3 Linux box with Apache/2.0.43, mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22 Every so often a PHP page is called with a POST request to send data to the server. The whole server area is protected via the following settings in ssl.conf: Directory /var/www/html/ca Options Indexes FollowSymLinks ExecCGI DirectoryIndex index.php index.cgi SSLOptions FakeBasicAuth ExportCertData CompatEnvVars StrictRequire StdEnvVars OptRenegotiate SSLRequireSSL SSLVerifyClient require SSLVerifyDepth 4 SSLRequire ( \ %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \ %{SSL_CLIENT_I_DN_CN} eq my CA ) AuthzLDAPEngine on AuthzLDAPAuthoritative on AuthzLDAPServer localhost:389 AuthzLDAPBindDN cn=manager,dc=mydomain,dc=com AuthzLDAPBindPassword terriblysecret AuthzLDAPUseCertificate on AuthzLDAPSetAuthorization on AuthzLDAPUseSerial on AuthzLDAPMapBase ou=AuthzLDAPCertmap,dc=mydomain,dc=com AuthzLDAPMapScope subtree AuthzLDAPLogLevel warn AuthzLDAPCacheConnectionoff AuthzLDAPCacheSize 0 AuthNameAuthzLDAP AuthTypeBasic /Directory and with the following require in .htaccess of the same directory: require user CN=Jan-Piet [EMAIL PROTECTED] GET operations always work perfectly (BTW almost all resources are .PHP). Once in a while a POST method is attempted which then sometimes fails (not always). When it has failed, subsequent GET methods on different pages do not work either. After a certain time which always differs, the GET will work and the following POST also. I've tried changing SSLSessionCache to `shm' and SSLMutex to `sem' thinking it had something to do with it, but to no avail. The value of SSLSessionCacheTimeout doesn't seem to matter either. At the time of the failure, the logs have this in them: error_log: [Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured -- resuming normal operations [Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation in conjunction with POST method not supported! hint: try SSLOptions +OptRenegotiate access_log: 10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] POST /ca/ra/upd.php HTTP/1.1 405 312 10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] GET /ca/ra/req.php HTTP/1.1 403 292 10.0.0.1 - CN=Jan-Piet [EMAIL PROTECTED] [17/Dec/2002:15:49:21 +0100] GET /ca/ra/req.php HTTP/1.1 200 4936 ssl_request_log: [17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5 POST /ca/ra/upd.php HTTP/1.1 312 s_dn=-, issuer=- The clients are a mixture of Mozilla 1.2 and Internet Explorer 6.0 all with a client cert issued by my CA. The issue affects both clients (Netscape 4.5 shows the same) Can someone help me resolve this, please ? Thank you very much. Regards, -JP _ _ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] This message is
Ilya Birman/US/ABNAMRO/NL is out of the office.
I will be out of the office starting 12/17/2002 and will not return until 01/08/2003. I am out of the office on vacation from Dec 17, 2002, returning January 8, 2003. In case of emergency please contact UNIX shift pager at [EMAIL PROTECTED] Ilya. --- This message (including any attachments) is confidential and may be privileged. If you have received it by mistake please notify the sender by return e-mail and delete this message from your system. Any unauthorised use or dissemination of this message in whole or in part is strictly prohibited. Please note that e-mails are susceptible to change. ABN AMRO Bank N.V. (including its group companies) shall not be liable for the improper or incomplete transmission of the information contained in this communication nor for any delay in its receipt or damage to your system. ABN AMRO Bank N.V. (or its group companies) does not guarantee that the integrity of this communication has been maintained nor that this communication is free of viruses, interceptions or interference. --- __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]