Client Authentication POST Problem

on 25.12.2004 21:37:44 by dashley

Hi,

I installed Bugzilla, and the directory it is in has the

VerifyClient require

and all the Apache directives set in the httpd.conf file. It works fine
(the browser makes me choose a client certificate) but when I submit a form
into Bugzilla I get an error to the effect that POST is not allowed, and
this appears in the Apache logs:

[Fri Dec 24 19:59:24 2004] [error] SSL Re-negotiation in conjunction with POST method not supported!\nhint: try SSLOptions +OptRenegotiate

I tried the fix recommended in the log message, but it doesn't work. I
seemed to make it through one form OK, but then the next one got me the same
error message, both displayed by the browser and in the Apache logs.

Any other suggestions?

Thanks, Dave.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
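
Added example, not part of the original thread: the per-directory client-certificate requirement described in the post above, next to a per-server placement that asks for the certificate in the initial handshake, so no renegotiation is needed when a POST arrives. Host name, paths and CA file are placeholders, and the two blocks are alternatives, not one file.

```apache
# Constructed example; bugs.example.org and all file paths are placeholders.

# --- Alternative A: per-directory requirement (the setup in the post) ---
# mod_ssl learns that a certificate is required only after it has read the
# request line and headers, so it must renegotiate in the middle of the
# request. With a POST the body is still in flight, which produces the
# "SSL Re-negotiation in conjunction with POST method not supported" error.
<VirtualHost *:443>
    ServerName bugs.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/server.crt
    SSLCertificateKeyFile /etc/ssl/example/server.key
    SSLCACertificateFile  /etc/ssl/example/client-ca.crt

    <Directory "/var/www/bugzilla">
        SSLVerifyClient require
        SSLVerifyDepth  1
    </Directory>
</VirtualHost>

# --- Alternative B: per-server requirement ---
# In server / virtual-host context SSLVerifyClient applies to the initial
# handshake, before any HTTP request exists, so GET and POST behave alike.
<VirtualHost *:443>
    ServerName bugs.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/server.crt
    SSLCertificateKeyFile /etc/ssl/example/server.key
    SSLCACertificateFile  /etc/ssl/example/client-ca.crt

    SSLVerifyClient require
    SSLVerifyDepth  1

    <Directory "/var/www/bugzilla">
        # No SSLVerifyClient, SSLVerifyDepth or SSLCipherSuite override here:
        # a per-directory change to any of them forces renegotiation again.
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>
```

With the per-server form every URL on that virtual host requires a certificate, so it fits when Bugzilla has a virtual host of its own.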

Re: Client Authentication POST Problem

on 26.12.2004 03:47:31 by Adolfo Bello

On Sat, 2004-12-25 at 15:37 -0500, David T. Ashley wrote:
> Hi,
>
> I installed Bugzilla, and the directory it is in has the
>
> VerifyClient require
>
> and all the Apache directives set in the httpd.conf file. It works fine
> (the browser makes me choose a client certificate) but when I submit a form
> into Bugzilla I get an error to the effect that POST is not allowed, and
> this appears in the Apache logs:
>
> [Fri Dec 24 19:59:24 2004] [error] SSL Re-negotiation in conjunction with POST method not supported!\nhint: try SSLOptions +OptRenegotiate
>
> I tried the fix recommended in the log message, but it doesn't work. I
> seemed to make it through one form OK, but then the next one got me the same
> error message, both displayed by the browser and in the Apache logs.
>
> Any other suggestions?
>
> Thanks, Dave.

It just doesn't work in Apache 2.0.x.

Use Apache 1.3.x.

Adolfo Bello


Re: Client Authentication POST Problem

on 26.12.2004 03:53:26 by Cliff Woolley

On Sat, 25 Dec 2004, Adolfo Bello wrote:

> It just doesn't work in Apache 2.0.x.
> Use Apache 1.3.x.

That doesn't sound like very good advice... if something is broken in
Apache 2.0.x, we should just fix it. :-/

--Cliff

Re: Client Authentication POST Problem

on 26.12.2004 04:17:35 by Adolfo Bello

On Sat, 2004-12-25 at 21:53 -0500, Cliff Woolley wrote:
> On Sat, 25 Dec 2004, Adolfo Bello wrote:
>
> > It just doesn't work in Apache 2.0.x.
> > Use Apache 1.3.x.
>
> That doesn't sound like very good advice... if something is broken in
> Apache 2.0.x, we should just fix it. :-/
>
> --Cliff

I heartily agree.

Unfortunately, I've been waiting for more than a year for this problem
to be fixed in Apache 2.0.x :-(

This bug was opened on 2002-09-06

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355

Happy Holidays,

Adolfo Bello


Re: Client Authentication POST Problem

on 26.12.2004 04:52:27 by Cliff Woolley

On Sat, 25 Dec 2004, Adolfo Bello wrote:

> I heartily agree.
> Unfortunately, I've been waiting for more than a year for this problem
> to be fixed in Apache 2.0.x :-(
> This bug was opened on 2002-09-06
> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355

Usually the trick to getting something really done around here is to keep
reminding somebody until it really gets their attention. :) Anyway I'll
forward this on to dev@httpd, and maybe we'll get a taker.

--Cliff

Re: Client Authentication POST Problem

on 26.12.2004 05:12:35 by Adolfo Bello

On Sat, 2004-12-25 at 22:52 -0500, Cliff Woolley wrote:
> On Sat, 25 Dec 2004, Adolfo Bello wrote:
>
> > I heartily agree.
> > Unfortunately, I've been waiting for more than a year for this problem
> > to be fixed in Apache 2.0.x :-(
> > This bug was opened on 2002-09-06
> > http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355
>
> Usually the trick to getting something really done around here is to keep
> reminding somebody until it really gets their attention. :) Anyway I'll
> forward this on to dev@httpd, and maybe we'll get a taker.
>
> --Cliff

Wow, that would be really great!!!

New hopes to get Back to the Future ;-)

Thanks.

Adolfo Bello


Re: Client Authentication POST Problem

on 04.01.2005 17:19:09 by Joe Orton

On Sat, Dec 25, 2004 at 10:52:27PM -0500, Cliff Woolley wrote:
> On Sat, 25 Dec 2004, Adolfo Bello wrote:
>
> > I heartily agree.
> > Unfortunately, I've been waiting for more than a year for this problem
> > to be fixed in Apache 2.0.x :-(
> > This bug was opened on 2002-09-06
> > http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355
>
> Usually the trick to getting something really done around here is to keep
> reminding somebody until it really gets their attention. :) Anyway I'll
> forward this on to dev@httpd, and maybe we'll get a taker.

It's a particularly annoying problem. The solution in mod_ssl-for-1.3
is not really ideal (it allows a DoS attack of sorts); I spent some time
working on a better solution for 2.0 but it didn't seem feasible in the
end. It remains on my list of "hard problems to fix" as time permits...

joe