Bug #1834671 also has this possible workaround: """ Another workaround is to move the SSLVerifyClient config to the vhost level. It it applied to the whole vhost, and there are no exceptions in specific blocks, then a re-negotiation isn't triggered and the problem doesn't happen. """
i.e., it's the change in ssl configuration inside a vhost that triggers the PHA, from my understanding. -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/1865900 Title: apache 2.4.29-1ubuntu4.12 authentication with client certificate broken To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1865900/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs