POST with mod_ssl intermittently fails with a 405

Hello,

I've got an self-built Apache on a RedHat 7.3 Linux box with Apache/2.0.43,
mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22

Every so often a PHP page is called with a POST request to send data to the
server. The whole server area is protected via the following settings in
ssl.conf:


Options Indexes FollowSymLinks ExecCGI
DirectoryIndex index.php index.cgi
SSLOptions FakeBasicAuth ExportCertData CompatEnvVars StrictRequire StdEnvVars OptRenegotiate

SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 4
SSLRequire ( \
%{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
%{SSL_CLIENT_I_DN_CN} eq "my CA" )

AuthzLDAPEngine on
AuthzLDAPAuthoritative on
AuthzLDAPServer localhost:389
AuthzLDAPBindDN "cn=manager,dc=mydomain,dc=com"
AuthzLDAPBindPassword "terriblysecret"
AuthzLDAPUseCertificate on
AuthzLDAPSetAuthorization on
AuthzLDAPUseSerial on
AuthzLDAPMapBase ou=AuthzLDAPCertmap,dc=mydomain,dc=com
AuthzLDAPMapScope subtree
AuthzLDAPLogLevel warn
AuthzLDAPCacheConnection off
AuthzLDAPCacheSize 0
AuthName AuthzLDAP
AuthType Basic


and with the following require in .htaccess of the same directory:

require user "CN=Jan-Piet Mens/Email=jpm@mydomain.com"

GET operations always work perfectly (BTW almost all resources are .PHP).
Once in a while a POST method is attempted which then sometimes fails (not
always). When it has failed, subsequent GET methods on different pages do
not work either. After a certain time which always differs, the GET will work
and the following POST also.

I've tried changing SSLSessionCache to `shm' and SSLMutex to `sem' thinking
it had something to do with it, but to no avail. The value of SSLSessionCacheTimeout
doesn't seem to matter either.

At the time of the failure, the logs have this in them:

error_log:
[Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured -- resuming normal operations
[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation in conjunction with POST method not supported!
hint: try SSLOptions +OptRenegotiate

access_log:
10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST /ca/ra/upd.php HTTP/1.1" 405 312
10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET /ca/ra/req.php HTTP/1.1" 403 292
10.0.0.1 - CN=Jan-Piet Mens/Email=jpm@mydomain.com [17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php HTTP/1.1" 200 4936

ssl_request_log:
[17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5 "POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-", issuer="-"

The clients are a mixture of Mozilla 1.2 and Internet Explorer 6.0 all
with a client cert issued by my CA. The issue affects both clients (Netscape
4.5 shows the same)

Can someone help me resolve this, please ?

Thank you very much.
Regards,
-JP

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: POST with mod_ssl intermittently fails with a 405

Your openSSL libs are a bit old - there have been many important code
updates since 0.9.6b. In particular, the most recent update (0.9.6h)
fixed race condition bugs that were causing intermittent failures. Try
an upgrade first, I would advise...

Rgds,

Owen Boyle

>-----Original Message-----
>From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
>Sent: Dienstag, 17. Dezember 2002 16:07
>To: modssl-users@modssl.org
>Subject: POST with mod_ssl intermittently fails with a 405
>
>
>Hello,
>
>I've got an self-built Apache on a RedHat 7.3 Linux box with
>Apache/2.0.43,
>mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22
>
>Every so often a PHP page is called with a POST request to
>send data to the
>server. The whole server area is protected via the following
>settings in
>ssl.conf:
>
>
> Options Indexes FollowSymLinks ExecCGI
> DirectoryIndex index.php index.cgi
> SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
>StrictRequire StdEnvVars OptRenegotiate
>
> SSLRequireSSL
> SSLVerifyClient require
> SSLVerifyDepth 4
> SSLRequire ( \
> %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
> %{SSL_CLIENT_I_DN_CN} eq "my CA" )
>
> AuthzLDAPEngine on
> AuthzLDAPAuthoritative on
> AuthzLDAPServer localhost:389
> AuthzLDAPBindDN "cn=manager,dc=mydomain,dc=com"
> AuthzLDAPBindPassword "terriblysecret"
> AuthzLDAPUseCertificate on
> AuthzLDAPSetAuthorization on
> AuthzLDAPUseSerial on
> AuthzLDAPMapBase
>ou=AuthzLDAPCertmap,dc=mydomain,dc=com
> AuthzLDAPMapScope subtree
> AuthzLDAPLogLevel warn
> AuthzLDAPCacheConnection off
> AuthzLDAPCacheSize 0
> AuthName AuthzLDAP
> AuthType Basic
>
>
>and with the following require in .htaccess of the same directory:
>
> require user "CN=Jan-Piet Mens/Email=jpm@mydomain.com"
>
>GET operations always work perfectly (BTW almost all resources
>are .PHP).
>Once in a while a POST method is attempted which then
>sometimes fails (not
>always). When it has failed, subsequent GET methods on
>different pages do
>not work either. After a certain time which always differs,
>the GET will work
>and the following POST also.
>
>I've tried changing SSLSessionCache to `shm' and SSLMutex to
>`sem' thinking
>it had something to do with it, but to no avail. The value of
>SSLSessionCacheTimeout
>doesn't seem to matter either.
>
>At the time of the failure, the logs have this in them:
>
>error_log:
> [Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
>(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
>resuming normal operations
> [Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
>in conjunction with POST method not supported!
> hint: try SSLOptions +OptRenegotiate
>
>access_log:
> 10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST
>/ca/ra/upd.php HTTP/1.1" 405 312
> 10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET
>/ca/ra/req.php HTTP/1.1" 403 292
> 10.0.0.1 - CN=Jan-Piet Mens/Email=jpm@mydomain.com
>[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php HTTP/1.1" 200 4936
>
>ssl_request_log:
> [17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
>"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-", issuer="-"
>
>The clients are a mixture of Mozilla 1.2 and Internet Explorer 6.0 all
>with a client cert issued by my CA. The issue affects both
>clients (Netscape
>4.5 shows the same)
>
>Can someone help me resolve this, please ?
>
>Thank you very much.
>Regards,
> -JP
>
>___________________________________________________________ ___________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: POST with mod_ssl intermittently fails with a 405

Sorry to correct you Owen, (you are usually spot on), but RedHat 7.x/8.0
will all show openssl 0.9.6b. Provided that the machine is up to date (eg
using Red Hat Network at https://rhn.redhat.com) it will have all the
updates.

And no, I'm not on commission...

-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk

"I know it sounds cocky, but I honestly believe that one day there'll be a
telephone in every Town in America" - Alexander Graham Bell


> -----Original Message-----
> From: Boyle Owen [mailto:Owen.Boyle@swx.com]
> Sent: 17 December 2002 15:19
> To: modssl-users@modssl.org
> Subject: RE: POST with mod_ssl intermittently fails with a 405
>
>
> Your openSSL libs are a bit old - there have been many important code
> updates since 0.9.6b. In particular, the most recent update (0.9.6h)
> fixed race condition bugs that were causing intermittent failures. Try
> an upgrade first, I would advise...
>
> Rgds,
>
> Owen Boyle
>
> >-----Original Message-----
> >From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> >Sent: Dienstag, 17. Dezember 2002 16:07
> >To: modssl-users@modssl.org
> >Subject: POST with mod_ssl intermittently fails with a 405
> >
> >
> >Hello,
> >
> >I've got an self-built Apache on a RedHat 7.3 Linux box with
> >Apache/2.0.43,
> >mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22
> >
> >Every so often a PHP page is called with a POST request to
> >send data to the
> >server. The whole server area is protected via the following
> >settings in
> >ssl.conf:
> >
> >
> > Options Indexes FollowSymLinks ExecCGI
> > DirectoryIndex index.php index.cgi
> > SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
> >StrictRequire StdEnvVars OptRenegotiate
> >
> > SSLRequireSSL
> > SSLVerifyClient require
> > SSLVerifyDepth 4
> > SSLRequire ( \
> > %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
> > %{SSL_CLIENT_I_DN_CN} eq "my CA" )
> >
> > AuthzLDAPEngine on
> > AuthzLDAPAuthoritative on
> > AuthzLDAPServer localhost:389
> > AuthzLDAPBindDN
> "cn=manager,dc=mydomain,dc=com"
> > AuthzLDAPBindPassword "terriblysecret"
> > AuthzLDAPUseCertificate on
> > AuthzLDAPSetAuthorization on
> > AuthzLDAPUseSerial on
> > AuthzLDAPMapBase
> >ou=AuthzLDAPCertmap,dc=mydomain,dc=com
> > AuthzLDAPMapScope subtree
> > AuthzLDAPLogLevel warn
> > AuthzLDAPCacheConnection off
> > AuthzLDAPCacheSize 0
> > AuthName AuthzLDAP
> > AuthType Basic
> >
> >
> >and with the following require in .htaccess of the same directory:
> >
> > require user "CN=Jan-Piet Mens/Email=jpm@mydomain.com"
> >
> >GET operations always work perfectly (BTW almost all resources
> >are .PHP).
> >Once in a while a POST method is attempted which then
> >sometimes fails (not
> >always). When it has failed, subsequent GET methods on
> >different pages do
> >not work either. After a certain time which always differs,
> >the GET will work
> >and the following POST also.
> >
> >I've tried changing SSLSessionCache to `shm' and SSLMutex to
> >`sem' thinking
> >it had something to do with it, but to no avail. The value of
> >SSLSessionCacheTimeout
> >doesn't seem to matter either.
> >
> >At the time of the failure, the logs have this in them:
> >
> >error_log:
> > [Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
> >(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
> >resuming normal operations
> > [Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
> >in conjunction with POST method not supported!
> > hint: try SSLOptions +OptRenegotiate
> >
> >access_log:
> > 10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST
> >/ca/ra/upd.php HTTP/1.1" 405 312
> > 10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET
> >/ca/ra/req.php HTTP/1.1" 403 292
> > 10.0.0.1 - CN=Jan-Piet Mens/Email=jpm@mydomain.com
> >[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php HTTP/1.1" 200 4936
> >
> >ssl_request_log:
> > [17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
> >"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-", issuer="-"
> >
> >The clients are a mixture of Mozilla 1.2 and Internet
> Explorer 6.0 all
> >with a client cert issued by my CA. The issue affects both
> >clients (Netscape
> >4.5 shows the same)
> >
> >Can someone help me resolve this, please ?
> >
> >Thank you very much.
> >Regards,
> > -JP
> >
> >___________________________________________________________ __
> _________
> >Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

-

NOTICE: The information contained in this email and any attachments is
confidential and may be legally privileged. If you are not the
intended recipient you are hereby notified that you must not use,
disclose, distribute, copy, print or rely on this email's content. If
you are not the intended recipient, please notify the sender
immediately and then delete the email and any attachments from your
system.

RNIB has made strenuous efforts to ensure that emails and any
attachments generated by its staff are free from viruses. However, it
cannot accept any responsibility for any viruses which are
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email
and any attachments are those of the author and do not necessarily
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: POST with mod_ssl intermittently fails with a 405

I've just re-read the original posters message, and it is possible that when
they say the system is "self-built" that they built an older version of
openssl. However, given what I've already said that is unlikely.

-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk

"I know it sounds cocky, but I honestly believe that one day there'll be a
telephone in every Town in America" - Alexander Graham Bell


> -----Original Message-----
> From: Boyle Owen [mailto:Owen.Boyle@swx.com]
> Sent: 17 December 2002 15:19
> To: modssl-users@modssl.org
> Subject: RE: POST with mod_ssl intermittently fails with a 405
>
>
> Your openSSL libs are a bit old - there have been many important code
> updates since 0.9.6b. In particular, the most recent update (0.9.6h)
> fixed race condition bugs that were causing intermittent failures. Try
> an upgrade first, I would advise...
>
> Rgds,
>
> Owen Boyle
>
> >-----Original Message-----
> >From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> >Sent: Dienstag, 17. Dezember 2002 16:07
> >To: modssl-users@modssl.org
> >Subject: POST with mod_ssl intermittently fails with a 405
> >
> >
> >Hello,
> >
> >I've got an self-built Apache on a RedHat 7.3 Linux box with
> >Apache/2.0.43,
> >mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22
> >
> >Every so often a PHP page is called with a POST request to
> >send data to the
> >server. The whole server area is protected via the following
> >settings in
> >ssl.conf:
> >
> >
> > Options Indexes FollowSymLinks ExecCGI
> > DirectoryIndex index.php index.cgi
> > SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
> >StrictRequire StdEnvVars OptRenegotiate
> >
> > SSLRequireSSL
> > SSLVerifyClient require
> > SSLVerifyDepth 4
> > SSLRequire ( \
> > %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
> > %{SSL_CLIENT_I_DN_CN} eq "my CA" )
> >
> > AuthzLDAPEngine on
> > AuthzLDAPAuthoritative on
> > AuthzLDAPServer localhost:389
> > AuthzLDAPBindDN
> "cn=manager,dc=mydomain,dc=com"
> > AuthzLDAPBindPassword "terriblysecret"
> > AuthzLDAPUseCertificate on
> > AuthzLDAPSetAuthorization on
> > AuthzLDAPUseSerial on
> > AuthzLDAPMapBase
> >ou=AuthzLDAPCertmap,dc=mydomain,dc=com
> > AuthzLDAPMapScope subtree
> > AuthzLDAPLogLevel warn
> > AuthzLDAPCacheConnection off
> > AuthzLDAPCacheSize 0
> > AuthName AuthzLDAP
> > AuthType Basic
> >
> >
> >and with the following require in .htaccess of the same directory:
> >
> > require user "CN=Jan-Piet Mens/Email=jpm@mydomain.com"
> >
> >GET operations always work perfectly (BTW almost all resources
> >are .PHP).
> >Once in a while a POST method is attempted which then
> >sometimes fails (not
> >always). When it has failed, subsequent GET methods on
> >different pages do
> >not work either. After a certain time which always differs,
> >the GET will work
> >and the following POST also.
> >
> >I've tried changing SSLSessionCache to `shm' and SSLMutex to
> >`sem' thinking
> >it had something to do with it, but to no avail. The value of
> >SSLSessionCacheTimeout
> >doesn't seem to matter either.
> >
> >At the time of the failure, the logs have this in them:
> >
> >error_log:
> > [Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
> >(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
> >resuming normal operations
> > [Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
> >in conjunction with POST method not supported!
> > hint: try SSLOptions +OptRenegotiate
> >
> >access_log:
> > 10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST
> >/ca/ra/upd.php HTTP/1.1" 405 312
> > 10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET
> >/ca/ra/req.php HTTP/1.1" 403 292
> > 10.0.0.1 - CN=Jan-Piet Mens/Email=jpm@mydomain.com
> >[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php HTTP/1.1" 200 4936
> >
> >ssl_request_log:
> > [17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
> >"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-", issuer="-"
> >
> >The clients are a mixture of Mozilla 1.2 and Internet
> Explorer 6.0 all
> >with a client cert issued by my CA. The issue affects both
> >clients (Netscape
> >4.5 shows the same)
> >
> >Can someone help me resolve this, please ?
> >
> >Thank you very much.
> >Regards,
> > -JP
> >
> >___________________________________________________________ __
> _________
> >Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

-

NOTICE: The information contained in this email and any attachments is
confidential and may be legally privileged. If you are not the
intended recipient you are hereby notified that you must not use,
disclose, distribute, copy, print or rely on this email's content. If
you are not the intended recipient, please notify the sender
immediately and then delete the email and any attachments from your
system.

RNIB has made strenuous efforts to ensure that emails and any
attachments generated by its staff are free from viruses. However, it
cannot accept any responsibility for any viruses which are
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email
and any attachments are those of the author and do not necessarily
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: POST with mod_ssl intermittently fails with a 405

It is just Apache & PHP & mod_authzldap that are self-built (i.e. compiled).
The rest of the system is a vanilla RedHat 7.3.

-JP


On Tue, 17 Dec 2002, John.Airey@rnib.org.uk wrote:

> I've just re-read the original posters message, and it is possible that when
> they say the system is "self-built" that they built an older version of
> openssl. However, given what I've already said that is unlikely.
>
> -
> John Airey, BSc (Jt Hons), CNA, RHCE
> Internet systems support officer, ITCSD, Royal National Institute of the
> Blind,
> Bakewell Road, Peterborough PE2 6XU,
> Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk
>
> "I know it sounds cocky, but I honestly believe that one day there'll be a
> telephone in every Town in America" - Alexander Graham Bell
>
>
> > -----Original Message-----
> > From: Boyle Owen [mailto:Owen.Boyle@swx.com]
> > Sent: 17 December 2002 15:19
> > To: modssl-users@modssl.org
> > Subject: RE: POST with mod_ssl intermittently fails with a 405
> >
> >
> > Your openSSL libs are a bit old - there have been many important code
> > updates since 0.9.6b. In particular, the most recent update (0.9.6h)
> > fixed race condition bugs that were causing intermittent failures. Try
> > an upgrade first, I would advise...
> >
> > Rgds,
> >
> > Owen Boyle
> >
> > >-----Original Message-----
> > >From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> > >Sent: Dienstag, 17. Dezember 2002 16:07
> > >To: modssl-users@modssl.org
> > >Subject: POST with mod_ssl intermittently fails with a 405
> > >
> > >
> > >Hello,
> > >
> > >I've got an self-built Apache on a RedHat 7.3 Linux box with
> > >Apache/2.0.43,
> > >mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22
> > >
> > >Every so often a PHP page is called with a POST request to
> > >send data to the
> > >server. The whole server area is protected via the following
> > >settings in
> > >ssl.conf:
> > >
> > >
> > > Options Indexes FollowSymLinks ExecCGI
> > > DirectoryIndex index.php index.cgi
> > > SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
> > >StrictRequire StdEnvVars OptRenegotiate
> > >
> > > SSLRequireSSL
> > > SSLVerifyClient require
> > > SSLVerifyDepth 4
> > > SSLRequire ( \
> > > %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
> > > %{SSL_CLIENT_I_DN_CN} eq "my CA" )
> > >
> > > AuthzLDAPEngine on
> > > AuthzLDAPAuthoritative on
> > > AuthzLDAPServer localhost:389
> > > AuthzLDAPBindDN
> > "cn=manager,dc=mydomain,dc=com"
> > > AuthzLDAPBindPassword "terriblysecret"
> > > AuthzLDAPUseCertificate on
> > > AuthzLDAPSetAuthorization on
> > > AuthzLDAPUseSerial on
> > > AuthzLDAPMapBase
> > >ou=AuthzLDAPCertmap,dc=mydomain,dc=com
> > > AuthzLDAPMapScope subtree
> > > AuthzLDAPLogLevel warn
> > > AuthzLDAPCacheConnection off
> > > AuthzLDAPCacheSize 0
> > > AuthName AuthzLDAP
> > > AuthType Basic
> > >
> > >
> > >and with the following require in .htaccess of the same directory:
> > >
> > > require user "CN=Jan-Piet Mens/Email=jpm@mydomain.com"
> > >
> > >GET operations always work perfectly (BTW almost all resources
> > >are .PHP).
> > >Once in a while a POST method is attempted which then
> > >sometimes fails (not
> > >always). When it has failed, subsequent GET methods on
> > >different pages do
> > >not work either. After a certain time which always differs,
> > >the GET will work
> > >and the following POST also.
> > >
> > >I've tried changing SSLSessionCache to `shm' and SSLMutex to
> > >`sem' thinking
> > >it had something to do with it, but to no avail. The value of
> > >SSLSessionCacheTimeout
> > >doesn't seem to matter either.
> > >
> > >At the time of the failure, the logs have this in them:
> > >
> > >error_log:
> > > [Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
> > >(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
> > >resuming normal operations
> > > [Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
> > >in conjunction with POST method not supported!
> > > hint: try SSLOptions +OptRenegotiate
> > >
> > >access_log:
> > > 10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST
> > >/ca/ra/upd.php HTTP/1.1" 405 312
> > > 10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET
> > >/ca/ra/req.php HTTP/1.1" 403 292
> > > 10.0.0.1 - CN=Jan-Piet Mens/Email=jpm@mydomain.com
> > >[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php HTTP/1.1" 200 4936
> > >
> > >ssl_request_log:
> > > [17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
> > >"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-", issuer="-"
> > >
> > >The clients are a mixture of Mozilla 1.2 and Internet
> > Explorer 6.0 all
> > >with a client cert issued by my CA. The issue affects both
> > >clients (Netscape
> > >4.5 shows the same)
> > >
> > >Can someone help me resolve this, please ?
> > >
> > >Thank you very much.
> > >Regards,
> > > -JP
> > >
> > >___________________________________________________________ __
> > _________
> > >Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> >User Support Mailing List modssl-users@modssl.org
> >Automated List Manager majordomo@modssl.org
> >
>
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify the sender urgently
> and then immediately delete the message and any copies of it from your
> system. Please also immediately destroy any hardcopies of the message.
> You must not, directly or indirectly, use, disclose, distribute, print,
> or copy any part of this message if you are not the intended recipient.
> The sender's company reserves the right to monitor all e-mail
> communications through their networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorised to state them to be the
> views of the sender's company.
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>
> -
>
> NOTICE: The information contained in this email and any attachments is
> confidential and may be legally privileged. If you are not the
> intended recipient you are hereby notified that you must not use,
> disclose, distribute, copy, print or rely on this email's content. If
> you are not the intended recipient, please notify the sender
> immediately and then delete the email and any attachments from your
> system.
>
> RNIB has made strenuous efforts to ensure that emails and any
> attachments generated by its staff are free from viruses. However, it
> cannot accept any responsibility for any viruses which are
> transmitted. We therefore recommend you scan all attachments.
>
> Please note that the statements and views expressed in this email
> and any attachments are those of the author and do not necessarily
> represent those of RNIB.
>
> RNIB Registered Charity Number: 226227
>
> Website: http://www.rnib.org.uk
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: POST with mod_ssl intermittently fails with a 405

This error might be related to bug
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3D12355
,
as your error message
> > > [Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
> > >in conjunction with POST method not supported!
> > > hint: try SSLOptions +OptRenegotiate
suggests.

My interpretation (not sure).
On an existing SSL connection (established with a GET request), =
subsequent
POSTs are possible.
But after timeout of this connection, if the first request for the new
establishment of connection is POST, it sometimes (or always?) fails.
Therefor the intermittend error only.

You can produce this error always, if you do "Verify client" for single
directories only, not for the whole server.

By the way: The hint with +OptRenegotiate does not help for the above =
bug.

Hope it helps.
Wolf

----------------------------------------
Dr. Wolf-Dietrich Moeller
Siemens AG, CT IC 3, D-81730 München
Corporate Technology Department Security
Mch P, Tel. +49 89 636-53391, Fax -48000
mailto:HYPERLINK
"mailto:wolf-dietrich.moeller@siemens.com"wolf-dietrich.moel ler@siemens.=
com
=20
Intranet https://security.ct.siemens.de/ =
=20


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: POST with mod_ssl intermittently fails with a 405

I've upgraded to 0.9.6h and recompiled Apache. No change. Still get the
hint in the error_log. Any other ideas ?

-JP


On Tue, 17 Dec 2002, Boyle Owen wrote:

> Your openSSL libs are a bit old - there have been many important code
> updates since 0.9.6b. In particular, the most recent update (0.9.6h)
> fixed race condition bugs that were causing intermittent failures. Try
> an upgrade first, I would advise...
>
> Rgds,
>
> Owen Boyle
>
> >-----Original Message-----
> >From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> >Sent: Dienstag, 17. Dezember 2002 16:07
> >To: modssl-users@modssl.org
> >Subject: POST with mod_ssl intermittently fails with a 405
> >
> >
> >Hello,
> >
> >I've got an self-built Apache on a RedHat 7.3 Linux box with
> >Apache/2.0.43,
> >mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22
> >
> >Every so often a PHP page is called with a POST request to
> >send data to the
> >server. The whole server area is protected via the following
> >settings in
> >ssl.conf:
> >
> >
> > Options Indexes FollowSymLinks ExecCGI
> > DirectoryIndex index.php index.cgi
> > SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
> >StrictRequire StdEnvVars OptRenegotiate
> >
> > SSLRequireSSL
> > SSLVerifyClient require
> > SSLVerifyDepth 4
> > SSLRequire ( \
> > %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
> > %{SSL_CLIENT_I_DN_CN} eq "my CA" )
> >
> > AuthzLDAPEngine on
> > AuthzLDAPAuthoritative on
> > AuthzLDAPServer localhost:389
> > AuthzLDAPBindDN "cn=manager,dc=mydomain,dc=com"
> > AuthzLDAPBindPassword "terriblysecret"
> > AuthzLDAPUseCertificate on
> > AuthzLDAPSetAuthorization on
> > AuthzLDAPUseSerial on
> > AuthzLDAPMapBase
> >ou=AuthzLDAPCertmap,dc=mydomain,dc=com
> > AuthzLDAPMapScope subtree
> > AuthzLDAPLogLevel warn
> > AuthzLDAPCacheConnection off
> > AuthzLDAPCacheSize 0
> > AuthName AuthzLDAP
> > AuthType Basic
> >
> >
> >and with the following require in .htaccess of the same directory:
> >
> > require user "CN=Jan-Piet Mens/Email=jpm@mydomain.com"
> >
> >GET operations always work perfectly (BTW almost all resources
> >are .PHP).
> >Once in a while a POST method is attempted which then
> >sometimes fails (not
> >always). When it has failed, subsequent GET methods on
> >different pages do
> >not work either. After a certain time which always differs,
> >the GET will work
> >and the following POST also.
> >
> >I've tried changing SSLSessionCache to `shm' and SSLMutex to
> >`sem' thinking
> >it had something to do with it, but to no avail. The value of
> >SSLSessionCacheTimeout
> >doesn't seem to matter either.
> >
> >At the time of the failure, the logs have this in them:
> >
> >error_log:
> > [Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
> >(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
> >resuming normal operations
> > [Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
> >in conjunction with POST method not supported!
> > hint: try SSLOptions +OptRenegotiate
> >
> >access_log:
> > 10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST
> >/ca/ra/upd.php HTTP/1.1" 405 312
> > 10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET
> >/ca/ra/req.php HTTP/1.1" 403 292
> > 10.0.0.1 - CN=Jan-Piet Mens/Email=jpm@mydomain.com
> >[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php HTTP/1.1" 200 4936
> >
> >ssl_request_log:
> > [17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
> >"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-", issuer="-"
> >
> >The clients are a mixture of Mozilla 1.2 and Internet Explorer 6.0 all
> >with a client cert issued by my CA. The issue affects both
> >clients (Netscape
> >4.5 shows the same)
> >
> >Can someone help me resolve this, please ?
> >
> >Thank you very much.
> >Regards,
> > -JP
> >
> >___________________________________________________________ ___________
> >Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> >User Support Mailing List modssl-users@modssl.org
> >Automated List Manager majordomo@modssl.org
> >
>
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify the sender urgently
> and then immediately delete the message and any copies of it from your
> system. Please also immediately destroy any hardcopies of the message.
> You must not, directly or indirectly, use, disclose, distribute, print,
> or copy any part of this message if you are not the intended recipient.
> The sender's company reserves the right to monitor all e-mail
> communications through their networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorised to state them to be the
> views of the sender's company.
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: POST with mod_ssl intermittently fails with a 405

Sorry to be slow on the uptake. How big is your POST? I had an issue with
memory_limit, post_max_size and upload_max_filesize (all in /etc/php.ini).
If your POST is bigger than the limits within php, the script may give up.
This could be the cause of what you are seeing.

-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@rnib.org.uk

"I know it sounds cocky, but I honestly believe that one day there'll be a
telephone in every Town in America" - Alexander Graham Bell (my paraphrase)


> -----Original Message-----
> From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> Sent: 17 December 2002 16:50
> To: modssl-users@modssl.org
> Subject: RE: POST with mod_ssl intermittently fails with a 405
>
>
> I've upgraded to 0.9.6h and recompiled Apache. No change.
> Still get the
> hint in the error_log. Any other ideas ?
>
> -JP
>
>
> On Tue, 17 Dec 2002, Boyle Owen wrote:
>
> > Your openSSL libs are a bit old - there have been many
> important code
> > updates since 0.9.6b. In particular, the most recent update (0.9.6h)
> > fixed race condition bugs that were causing intermittent
> failures. Try
> > an upgrade first, I would advise...
> >
> > Rgds,
> >
> > Owen Boyle
> >
> > >-----Original Message-----
> > >From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> > >Sent: Dienstag, 17. Dezember 2002 16:07
> > >To: modssl-users@modssl.org
> > >Subject: POST with mod_ssl intermittently fails with a 405
> > >
> > >
> > >Hello,
> > >
> > >I've got an self-built Apache on a RedHat 7.3 Linux box with
> > >Apache/2.0.43,
> > >mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22
> > >
> > >Every so often a PHP page is called with a POST request to
> > >send data to the
> > >server. The whole server area is protected via the following
> > >settings in
> > >ssl.conf:
> > >
> > >
> > > Options Indexes FollowSymLinks ExecCGI
> > > DirectoryIndex index.php index.cgi
> > > SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
> > >StrictRequire StdEnvVars OptRenegotiate
> > >
> > > SSLRequireSSL
> > > SSLVerifyClient require
> > > SSLVerifyDepth 4
> > > SSLRequire ( \
> > > %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
> > > %{SSL_CLIENT_I_DN_CN} eq "my CA" )
> > >
> > > AuthzLDAPEngine on
> > > AuthzLDAPAuthoritative on
> > > AuthzLDAPServer localhost:389
> > > AuthzLDAPBindDN
> "cn=manager,dc=mydomain,dc=com"
> > > AuthzLDAPBindPassword "terriblysecret"
> > > AuthzLDAPUseCertificate on
> > > AuthzLDAPSetAuthorization on
> > > AuthzLDAPUseSerial on
> > > AuthzLDAPMapBase
> > >ou=AuthzLDAPCertmap,dc=mydomain,dc=com
> > > AuthzLDAPMapScope subtree
> > > AuthzLDAPLogLevel warn
> > > AuthzLDAPCacheConnection off
> > > AuthzLDAPCacheSize 0
> > > AuthName AuthzLDAP
> > > AuthType Basic
> > >
> > >
> > >and with the following require in .htaccess of the same directory:
> > >
> > > require user "CN=Jan-Piet Mens/Email=jpm@mydomain.com"
> > >
> > >GET operations always work perfectly (BTW almost all resources
> > >are .PHP).
> > >Once in a while a POST method is attempted which then
> > >sometimes fails (not
> > >always). When it has failed, subsequent GET methods on
> > >different pages do
> > >not work either. After a certain time which always differs,
> > >the GET will work
> > >and the following POST also.
> > >
> > >I've tried changing SSLSessionCache to `shm' and SSLMutex to
> > >`sem' thinking
> > >it had something to do with it, but to no avail. The value of
> > >SSLSessionCacheTimeout
> > >doesn't seem to matter either.
> > >
> > >At the time of the failure, the logs have this in them:
> > >
> > >error_log:
> > > [Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
> > >(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
> > >resuming normal operations
> > > [Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
> > >in conjunction with POST method not supported!
> > > hint: try SSLOptions +OptRenegotiate
> > >
> > >access_log:
> > > 10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST
> > >/ca/ra/upd.php HTTP/1.1" 405 312
> > > 10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET
> > >/ca/ra/req.php HTTP/1.1" 403 292
> > > 10.0.0.1 - CN=Jan-Piet Mens/Email=jpm@mydomain.com
> > >[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php HTTP/1.1" 200 4936
> > >
> > >ssl_request_log:
> > > [17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
> > >"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-", issuer="-"
> > >
> > >The clients are a mixture of Mozilla 1.2 and Internet
> Explorer 6.0 all
> > >with a client cert issued by my CA. The issue affects both
> > >clients (Netscape
> > >4.5 shows the same)
> > >
> > >Can someone help me resolve this, please ?
> > >
> > >Thank you very much.
> > >Regards,
> > > -JP
> > >
> >
> >___________________________________________________________ __
> _________
> > >Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
> >User Support Mailing List modssl-users@modssl.org
> >Automated List Manager majordomo@modssl.org
> >
>
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify the sender urgently
> and then immediately delete the message and any copies of it from your
> system. Please also immediately destroy any hardcopies of the message.
> You must not, directly or indirectly, use, disclose, distribute, print,
> or copy any part of this message if you are not the intended recipient.
> The sender's company reserves the right to monitor all e-mail
> communications through their networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorised to state them to be the
> views of the sender's company.
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

-

NOTICE: The information contained in this email and any attachments is
confidential and may be legally privileged. If you are not the
intended recipient you are hereby notified that you must not use,
disclose, distribute, copy, print or rely on this email's content. If
you are not the intended recipient, please notify the sender
immediately and then delete the email and any attachments from your
system.

RNIB has made strenuous efforts to ensure that emails and any
attachments generated by its staff are free from viruses. However, it
cannot accept any responsibility for any viruses which are
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email
and any attachments are those of the author and do not necessarily
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: POST with mod_ssl intermittently fails with a 405

Oops. I meant to say that you should have "memory_limit" twice
"upload_max_filesize". I've had problem when they've both been the same.

John

> -----Original Message-----
> From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> Sent: 17 December 2002 16:50
> To: modssl-users@modssl.org
> Subject: RE: POST with mod_ssl intermittently fails with a 405
>
>
> I've upgraded to 0.9.6h and recompiled Apache. No change.
> Still get the
> hint in the error_log. Any other ideas ?
>
> -JP
>
>
> On Tue, 17 Dec 2002, Boyle Owen wrote:
>
> > Your openSSL libs are a bit old - there have been many
> important code
> > updates since 0.9.6b. In particular, the most recent update (0.9.6h)
> > fixed race condition bugs that were causing intermittent
> failures. Try
> > an upgrade first, I would advise...
> >
> > Rgds,
> >
> > Owen Boyle
> >
> > >-----Original Message-----
> > >From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> > >Sent: Dienstag, 17. Dezember 2002 16:07
> > >To: modssl-users@modssl.org
> > >Subject: POST with mod_ssl intermittently fails with a 405
> > >
> > >
> > >Hello,
> > >
> > >I've got an self-built Apache on a RedHat 7.3 Linux box with
> > >Apache/2.0.43,
> > >mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22
> > >
> > >Every so often a PHP page is called with a POST request to
> > >send data to the
> > >server. The whole server area is protected via the following
> > >settings in
> > >ssl.conf:
> > >
> > >
> > > Options Indexes FollowSymLinks ExecCGI
> > > DirectoryIndex index.php index.cgi
> > > SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
> > >StrictRequire StdEnvVars OptRenegotiate
> > >
> > > SSLRequireSSL
> > > SSLVerifyClient require
> > > SSLVerifyDepth 4
> > > SSLRequire ( \
> > > %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
> > > %{SSL_CLIENT_I_DN_CN} eq "my CA" )
> > >
> > > AuthzLDAPEngine on
> > > AuthzLDAPAuthoritative on
> > > AuthzLDAPServer localhost:389
> > > AuthzLDAPBindDN
> "cn=manager,dc=mydomain,dc=com"
> > > AuthzLDAPBindPassword "terriblysecret"
> > > AuthzLDAPUseCertificate on
> > > AuthzLDAPSetAuthorization on
> > > AuthzLDAPUseSerial on
> > > AuthzLDAPMapBase
> > >ou=AuthzLDAPCertmap,dc=mydomain,dc=com
> > > AuthzLDAPMapScope subtree
> > > AuthzLDAPLogLevel warn
> > > AuthzLDAPCacheConnection off
> > > AuthzLDAPCacheSize 0
> > > AuthName AuthzLDAP
> > > AuthType Basic
> > >
> > >
> > >and with the following require in .htaccess of the same directory:
> > >
> > > require user "CN=Jan-Piet Mens/Email=jpm@mydomain.com"
> > >
> > >GET operations always work perfectly (BTW almost all resources
> > >are .PHP).
> > >Once in a while a POST method is attempted which then
> > >sometimes fails (not
> > >always). When it has failed, subsequent GET methods on
> > >different pages do
> > >not work either. After a certain time which always differs,
> > >the GET will work
> > >and the following POST also.
> > >
> > >I've tried changing SSLSessionCache to `shm' and SSLMutex to
> > >`sem' thinking
> > >it had something to do with it, but to no avail. The value of
> > >SSLSessionCacheTimeout
> > >doesn't seem to matter either.
> > >
> > >At the time of the failure, the logs have this in them:
> > >
> > >error_log:
> > > [Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
> > >(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
> > >resuming normal operations
> > > [Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
> > >in conjunction with POST method not supported!
> > > hint: try SSLOptions +OptRenegotiate
> > >
> > >access_log:
> > > 10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST
> > >/ca/ra/upd.php HTTP/1.1" 405 312
> > > 10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET
> > >/ca/ra/req.php HTTP/1.1" 403 292
> > > 10.0.0.1 - CN=Jan-Piet Mens/Email=jpm@mydomain.com
> > >[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php HTTP/1.1" 200 4936
> > >
> > >ssl_request_log:
> > > [17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
> > >"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-", issuer="-"
> > >
> > >The clients are a mixture of Mozilla 1.2 and Internet
> Explorer 6.0 all
> > >with a client cert issued by my CA. The issue affects both
> > >clients (Netscape
> > >4.5 shows the same)
> > >
> > >Can someone help me resolve this, please ?
> > >
> > >Thank you very much.
> > >Regards,
> > > -JP
> > >
> >
> >___________________________________________________________ __
> _________
> > >Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> > >User Support Mailing List
> modssl-users@modssl.org
> > >Automated List Manager
> majordomo@modssl.org
> > >
> >
> > This message is for the named person's use only. It may contain
> > confidential, proprietary or legally privileged information. No
> > confidentiality or privilege is waived or lost by any
> mistransmission.
> > If you receive this message in error, please notify the
> sender urgently
> > and then immediately delete the message and any copies of
> it from your
> > system. Please also immediately destroy any hardcopies of
> the message.
> > You must not, directly or indirectly, use, disclose,
> distribute, print,
> > or copy any part of this message if you are not the
> intended recipient.
> > The sender's company reserves the right to monitor all e-mail
> > communications through their networks. Any views expressed in this
> > message are those of the individual sender, except where the message
> > states otherwise and the sender is authorised to state them
> to be the
> > views of the sender's company.
> >
> ____________________________________________________________ __________
> > Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> > User Support Mailing List
> modssl-users@modssl.org
> > Automated List Manager
> majordomo@modssl.org
> >
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

-

NOTICE: The information contained in this email and any attachments is
confidential and may be legally privileged. If you are not the
intended recipient you are hereby notified that you must not use,
disclose, distribute, copy, print or rely on this email's content. If
you are not the intended recipient, please notify the sender
immediately and then delete the email and any attachments from your
system.

RNIB has made strenuous efforts to ensure that emails and any
attachments generated by its staff are free from viruses. However, it
cannot accept any responsibility for any viruses which are
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email
and any attachments are those of the author and do not necessarily
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: POST with mod_ssl intermittently fails with a 405

I've got an upload_max_filesize = 2M and a memory_limit = 8M and I'm POSTing
10 fields of about 20 characters each! I'm using POST because there will
later be a file attached, but at the moment there isn't. So it can't really
be that, can it ?
-JP


On Tue, 17 Dec 2002, John.Airey@rnib.org.uk wrote:

> Oops. I meant to say that you should have "memory_limit" twice
> "upload_max_filesize". I've had problem when they've both been the same.
>
> John
>
> > -----Original Message-----
> > From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> > Sent: 17 December 2002 16:50
> > To: modssl-users@modssl.org
> > Subject: RE: POST with mod_ssl intermittently fails with a 405
> >
> >
> > I've upgraded to 0.9.6h and recompiled Apache. No change.
> > Still get the
> > hint in the error_log. Any other ideas ?
> >
> > -JP
> >
> >
> > On Tue, 17 Dec 2002, Boyle Owen wrote:
> >
> > > Your openSSL libs are a bit old - there have been many
> > important code
> > > updates since 0.9.6b. In particular, the most recent update (0.9.6h)
> > > fixed race condition bugs that were causing intermittent
> > failures. Try
> > > an upgrade first, I would advise...
> > >
> > > Rgds,
> > >
> > > Owen Boyle
> > >
> > > >-----Original Message-----
> > > >From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> > > >Sent: Dienstag, 17. Dezember 2002 16:07
> > > >To: modssl-users@modssl.org
> > > >Subject: POST with mod_ssl intermittently fails with a 405
> > > >
> > > >
> > > >Hello,
> > > >
> > > >I've got an self-built Apache on a RedHat 7.3 Linux box with
> > > >Apache/2.0.43,
> > > >mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22
> > > >
> > > >Every so often a PHP page is called with a POST request to
> > > >send data to the
> > > >server. The whole server area is protected via the following
> > > >settings in
> > > >ssl.conf:
> > > >
> > > >
> > > > Options Indexes FollowSymLinks ExecCGI
> > > > DirectoryIndex index.php index.cgi
> > > > SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
> > > >StrictRequire StdEnvVars OptRenegotiate
> > > >
> > > > SSLRequireSSL
> > > > SSLVerifyClient require
> > > > SSLVerifyDepth 4
> > > > SSLRequire ( \
> > > > %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
> > > > %{SSL_CLIENT_I_DN_CN} eq "my CA" )
> > > >
> > > > AuthzLDAPEngine on
> > > > AuthzLDAPAuthoritative on
> > > > AuthzLDAPServer localhost:389
> > > > AuthzLDAPBindDN
> > "cn=manager,dc=mydomain,dc=com"
> > > > AuthzLDAPBindPassword "terriblysecret"
> > > > AuthzLDAPUseCertificate on
> > > > AuthzLDAPSetAuthorization on
> > > > AuthzLDAPUseSerial on
> > > > AuthzLDAPMapBase
> > > >ou=AuthzLDAPCertmap,dc=mydomain,dc=com
> > > > AuthzLDAPMapScope subtree
> > > > AuthzLDAPLogLevel warn
> > > > AuthzLDAPCacheConnection off
> > > > AuthzLDAPCacheSize 0
> > > > AuthName AuthzLDAP
> > > > AuthType Basic
> > > >
> > > >
> > > >and with the following require in .htaccess of the same directory:
> > > >
> > > > require user "CN=Jan-Piet Mens/Email=jpm@mydomain.com"
> > > >
> > > >GET operations always work perfectly (BTW almost all resources
> > > >are .PHP).
> > > >Once in a while a POST method is attempted which then
> > > >sometimes fails (not
> > > >always). When it has failed, subsequent GET methods on
> > > >different pages do
> > > >not work either. After a certain time which always differs,
> > > >the GET will work
> > > >and the following POST also.
> > > >
> > > >I've tried changing SSLSessionCache to `shm' and SSLMutex to
> > > >`sem' thinking
> > > >it had something to do with it, but to no avail. The value of
> > > >SSLSessionCacheTimeout
> > > >doesn't seem to matter either.
> > > >
> > > >At the time of the failure, the logs have this in them:
> > > >
> > > >error_log:
> > > > [Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
> > > >(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
> > > >resuming normal operations
> > > > [Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
> > > >in conjunction with POST method not supported!
> > > > hint: try SSLOptions +OptRenegotiate
> > > >
> > > >access_log:
> > > > 10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST
> > > >/ca/ra/upd.php HTTP/1.1" 405 312
> > > > 10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET
> > > >/ca/ra/req.php HTTP/1.1" 403 292
> > > > 10.0.0.1 - CN=Jan-Piet Mens/Email=jpm@mydomain.com
> > > >[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php HTTP/1.1" 200 4936
> > > >
> > > >ssl_request_log:
> > > > [17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
> > > >"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-", issuer="-"
> > > >
> > > >The clients are a mixture of Mozilla 1.2 and Internet
> > Explorer 6.0 all
> > > >with a client cert issued by my CA. The issue affects both
> > > >clients (Netscape
> > > >4.5 shows the same)
> > > >
> > > >Can someone help me resolve this, please ?
> > > >
> > > >Thank you very much.
> > > >Regards,
> > > > -JP
> > > >
> > >
> > >___________________________________________________________ __
> > _________
> > > >Apache Interface to OpenSSL (mod_ssl)
> > www.modssl.org
> > > >User Support Mailing List
> > modssl-users@modssl.org
> > > >Automated List Manager
> > majordomo@modssl.org
> > > >
> > >
> > > This message is for the named person's use only. It may contain
> > > confidential, proprietary or legally privileged information. No
> > > confidentiality or privilege is waived or lost by any
> > mistransmission.
> > > If you receive this message in error, please notify the
> > sender urgently
> > > and then immediately delete the message and any copies of
> > it from your
> > > system. Please also immediately destroy any hardcopies of
> > the message.
> > > You must not, directly or indirectly, use, disclose,
> > distribute, print,
> > > or copy any part of this message if you are not the
> > intended recipient.
> > > The sender's company reserves the right to monitor all e-mail
> > > communications through their networks. Any views expressed in this
> > > message are those of the individual sender, except where the message
> > > states otherwise and the sender is authorised to state them
> > to be the
> > > views of the sender's company.
> > >
> > ____________________________________________________________ __________
> > > Apache Interface to OpenSSL (mod_ssl)
> > www.modssl.org
> > > User Support Mailing List
> > modssl-users@modssl.org
> > > Automated List Manager
> > majordomo@modssl.org
> > >
> >
> > ____________________________________________________________ __________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List modssl-users@modssl.org
> > Automated List Manager majordomo@modssl.org
> >
>
> -
>
> NOTICE: The information contained in this email and any attachments is
> confidential and may be legally privileged. If you are not the
> intended recipient you are hereby notified that you must not use,
> disclose, distribute, copy, print or rely on this email's content. If
> you are not the intended recipient, please notify the sender
> immediately and then delete the email and any attachments from your
> system.
>
> RNIB has made strenuous efforts to ensure that emails and any
> attachments generated by its staff are free from viruses. However, it
> cannot accept any responsibility for any viruses which are
> transmitted. We therefore recommend you scan all attachments.
>
> Please note that the statements and views expressed in this email
> and any attachments are those of the author and do not necessarily
> represent those of RNIB.
>
> RNIB Registered Charity Number: 226227
>
> Website: http://www.rnib.org.uk
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: POST with mod_ssl intermittently fails with a 405

Will the file be fairly large then?

Try setting these to 8M and 16M respectively (if you have enough memory that
is), do a reload of the config and see if the problem repeats. It may be the
case that there is a large overhead on the forms that you are submitting
(since each field becomes a PHP variable).

John

> -----Original Message-----
> From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> Sent: 17 December 2002 17:39
> To: modssl-users@modssl.org
> Subject: RE: POST with mod_ssl intermittently fails with a 405
>
>
> I've got an upload_max_filesize = 2M and a memory_limit = 8M
> and I'm POSTing
> 10 fields of about 20 characters each! I'm using POST because
> there will
> later be a file attached, but at the moment there isn't. So
> it can't really
> be that, can it ?
> -JP
>
>
> On Tue, 17 Dec 2002, John.Airey@rnib.org.uk wrote:
>
> > Oops. I meant to say that you should have "memory_limit" twice
> > "upload_max_filesize". I've had problem when they've both
> been the same.
> >
> > John
> >
> > > -----Original Message-----
> > > From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> > > Sent: 17 December 2002 16:50
> > > To: modssl-users@modssl.org
> > > Subject: RE: POST with mod_ssl intermittently fails with a 405
> > >
> > >
> > > I've upgraded to 0.9.6h and recompiled Apache. No change.
> > > Still get the
> > > hint in the error_log. Any other ideas ?
> > >
> > > -JP
> > >
> > >
> > > On Tue, 17 Dec 2002, Boyle Owen wrote:
> > >
> > > > Your openSSL libs are a bit old - there have been many
> > > important code
> > > > updates since 0.9.6b. In particular, the most recent
> update (0.9.6h)
> > > > fixed race condition bugs that were causing intermittent
> > > failures. Try
> > > > an upgrade first, I would advise...
> > > >
> > > > Rgds,
> > > >
> > > > Owen Boyle
> > > >
> > > > >-----Original Message-----
> > > > >From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> > > > >Sent: Dienstag, 17. Dezember 2002 16:07
> > > > >To: modssl-users@modssl.org
> > > > >Subject: POST with mod_ssl intermittently fails with a 405
> > > > >
> > > > >
> > > > >Hello,
> > > > >
> > > > >I've got an self-built Apache on a RedHat 7.3 Linux box with
> > > > >Apache/2.0.43,
> > > > >mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and
> mod_authzldap 0.22
> > > > >
> > > > >Every so often a PHP page is called with a POST request to
> > > > >send data to the
> > > > >server. The whole server area is protected via the following
> > > > >settings in
> > > > >ssl.conf:
> > > > >
> > > > >
> > > > > Options Indexes FollowSymLinks ExecCGI
> > > > > DirectoryIndex index.php index.cgi
> > > > > SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
> > > > >StrictRequire StdEnvVars OptRenegotiate
> > > > >
> > > > > SSLRequireSSL
> > > > > SSLVerifyClient require
> > > > > SSLVerifyDepth 4
> > > > > SSLRequire ( \
> > > > > %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
> > > > > %{SSL_CLIENT_I_DN_CN} eq "my CA" )
> > > > >
> > > > > AuthzLDAPEngine on
> > > > > AuthzLDAPAuthoritative on
> > > > > AuthzLDAPServer localhost:389
> > > > > AuthzLDAPBindDN
> > > "cn=manager,dc=mydomain,dc=com"
> > > > > AuthzLDAPBindPassword "terriblysecret"
> > > > > AuthzLDAPUseCertificate on
> > > > > AuthzLDAPSetAuthorization on
> > > > > AuthzLDAPUseSerial on
> > > > > AuthzLDAPMapBase
> > > > >ou=AuthzLDAPCertmap,dc=mydomain,dc=com
> > > > > AuthzLDAPMapScope subtree
> > > > > AuthzLDAPLogLevel warn
> > > > > AuthzLDAPCacheConnection off
> > > > > AuthzLDAPCacheSize 0
> > > > > AuthName AuthzLDAP
> > > > > AuthType Basic
> > > > >
> > > > >
> > > > >and with the following require in .htaccess of the
> same directory:
> > > > >
> > > > > require user "CN=Jan-Piet Mens/Email=jpm@mydomain.com"
> > > > >
> > > > >GET operations always work perfectly (BTW almost all resources
> > > > >are .PHP).
> > > > >Once in a while a POST method is attempted which then
> > > > >sometimes fails (not
> > > > >always). When it has failed, subsequent GET methods on
> > > > >different pages do
> > > > >not work either. After a certain time which always differs,
> > > > >the GET will work
> > > > >and the following POST also.
> > > > >
> > > > >I've tried changing SSLSessionCache to `shm' and SSLMutex to
> > > > >`sem' thinking
> > > > >it had something to do with it, but to no avail. The value of
> > > > >SSLSessionCacheTimeout
> > > > >doesn't seem to matter either.
> > > > >
> > > > >At the time of the failure, the logs have this in them:
> > > > >
> > > > >error_log:
> > > > > [Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
> > > > >(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
> > > > >resuming normal operations
> > > > > [Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
> > > > >in conjunction with POST method not supported!
> > > > > hint: try SSLOptions +OptRenegotiate
> > > > >
> > > > >access_log:
> > > > > 10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST
> > > > >/ca/ra/upd.php HTTP/1.1" 405 312
> > > > > 10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET
> > > > >/ca/ra/req.php HTTP/1.1" 403 292
> > > > > 10.0.0.1 - CN=Jan-Piet Mens/Email=jpm@mydomain.com
> > > > >[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php
> HTTP/1.1" 200 4936
> > > > >
> > > > >ssl_request_log:
> > > > > [17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
> > > > >"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-", issuer="-"
> > > > >
> > > > >The clients are a mixture of Mozilla 1.2 and Internet
> > > Explorer 6.0 all
> > > > >with a client cert issued by my CA. The issue affects both
> > > > >clients (Netscape
> > > > >4.5 shows the same)
> > > > >
> > > > >Can someone help me resolve this, please ?
> > > > >
> > > > >Thank you very much.
> > > > >Regards,
> > > > > -JP
> > > > >
> > > >
> > > >___________________________________________________________ __
> > > _________
> > > > >Apache Interface to OpenSSL (mod_ssl)
> > > www.modssl.org
> > > > >User Support Mailing List
> > > modssl-users@modssl.org
> > > > >Automated List Manager
> > > majordomo@modssl.org
> > > > >
> > > >
> > > > This message is for the named person's use only. It may contain
> > > > confidential, proprietary or legally privileged information. No
> > > > confidentiality or privilege is waived or lost by any
> > > mistransmission.
> > > > If you receive this message in error, please notify the
> > > sender urgently
> > > > and then immediately delete the message and any copies of
> > > it from your
> > > > system. Please also immediately destroy any hardcopies of
> > > the message.
> > > > You must not, directly or indirectly, use, disclose,
> > > distribute, print,
> > > > or copy any part of this message if you are not the
> > > intended recipient.
> > > > The sender's company reserves the right to monitor all e-mail
> > > > communications through their networks. Any views
> expressed in this
> > > > message are those of the individual sender, except
> where the message
> > > > states otherwise and the sender is authorised to state them
> > > to be the
> > > > views of the sender's company.
> > > >
> > >
> ____________________________________________________________ __________
> > > > Apache Interface to OpenSSL (mod_ssl)
> > > www.modssl.org
> > > > User Support Mailing List
> > > modssl-users@modssl.org
> > > > Automated List Manager
> > > majordomo@modssl.org
> > > >
> > >
> > >
> ____________________________________________________________ __________
> > > Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> > > User Support Mailing List
> modssl-users@modssl.org
> > > Automated List Manager
> majordomo@modssl.org
> > >
> >
> > -
> >
> > NOTICE: The information contained in this email and any
> attachments is
> > confidential and may be legally privileged. If you are not the
> > intended recipient you are hereby notified that you must not use,
> > disclose, distribute, copy, print or rely on this email's
> content. If
> > you are not the intended recipient, please notify the sender
> > immediately and then delete the email and any attachments from your
> > system.
> >
> > RNIB has made strenuous efforts to ensure that emails and any
> > attachments generated by its staff are free from viruses.
> However, it
> > cannot accept any responsibility for any viruses which are
> > transmitted. We therefore recommend you scan all attachments.
> >
> > Please note that the statements and views expressed in this email
> > and any attachments are those of the author and do not necessarily
> > represent those of RNIB.
> >
> > RNIB Registered Charity Number: 226227
> >
> > Website: http://www.rnib.org.uk
> >
> ____________________________________________________________ __________
> > Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> > User Support Mailing List
> modssl-users@modssl.org
> > Automated List Manager
> majordomo@modssl.org
> >
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

-

NOTICE: The information contained in this email and any attachments is
confidential and may be legally privileged. If you are not the
intended recipient you are hereby notified that you must not use,
disclose, distribute, copy, print or rely on this email's content. If
you are not the intended recipient, please notify the sender
immediately and then delete the email and any attachments from your
system.

RNIB has made strenuous efforts to ensure that emails and any
attachments generated by its staff are free from viruses. However, it
cannot accept any responsibility for any viruses which are
transmitted. We therefore recommend you scan all attachments.

Please note that the statements and views expressed in this email
and any attachments are those of the author and do not necessarily
represent those of RNIB.

RNIB Registered Charity Number: 226227

Website: http://www.rnib.org.uk
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: POST with mod_ssl intermittently fails with a 405

No change. Initially all works fine. If I set SSLSessionCacheTimeout to 15
the 405 followed by 403 errors occur immediately! Otherwise when set to 3600
the errors occur at different intervals. What now ?

Thanks & regards,
-JP


On Wed, 18 Dec 2002, John.Airey@rnib.org.uk wrote:

> Will the file be fairly large then?
>
> Try setting these to 8M and 16M respectively (if you have enough memory that
> is), do a reload of the config and see if the problem repeats. It may be the
> case that there is a large overhead on the forms that you are submitting
> (since each field becomes a PHP variable).
>
> John
>
> > -----Original Message-----
> > From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> > Sent: 17 December 2002 17:39
> > To: modssl-users@modssl.org
> > Subject: RE: POST with mod_ssl intermittently fails with a 405
> >
> >
> > I've got an upload_max_filesize = 2M and a memory_limit = 8M
> > and I'm POSTing
> > 10 fields of about 20 characters each! I'm using POST because
> > there will
> > later be a file attached, but at the moment there isn't. So
> > it can't really
> > be that, can it ?
> > -JP
> >
> >
> > On Tue, 17 Dec 2002, John.Airey@rnib.org.uk wrote:
> >
> > > Oops. I meant to say that you should have "memory_limit" twice
> > > "upload_max_filesize". I've had problem when they've both
> > been the same.
> > >
> > > John
> > >
> > > > -----Original Message-----
> > > > From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> > > > Sent: 17 December 2002 16:50
> > > > To: modssl-users@modssl.org
> > > > Subject: RE: POST with mod_ssl intermittently fails with a 405
> > > >
> > > >
> > > > I've upgraded to 0.9.6h and recompiled Apache. No change.
> > > > Still get the
> > > > hint in the error_log. Any other ideas ?
> > > >
> > > > -JP
> > > >
> > > >
> > > > On Tue, 17 Dec 2002, Boyle Owen wrote:
> > > >
> > > > > Your openSSL libs are a bit old - there have been many
> > > > important code
> > > > > updates since 0.9.6b. In particular, the most recent
> > update (0.9.6h)
> > > > > fixed race condition bugs that were causing intermittent
> > > > failures. Try
> > > > > an upgrade first, I would advise...
> > > > >
> > > > > Rgds,
> > > > >
> > > > > Owen Boyle
> > > > >
> > > > > >-----Original Message-----
> > > > > >From: Jan-Piet Mens [mailto:jpm@Retail-sc.com]
> > > > > >Sent: Dienstag, 17. Dezember 2002 16:07
> > > > > >To: modssl-users@modssl.org
> > > > > >Subject: POST with mod_ssl intermittently fails with a 405
> > > > > >
> > > > > >
> > > > > >Hello,
> > > > > >
> > > > > >I've got an self-built Apache on a RedHat 7.3 Linux box with
> > > > > >Apache/2.0.43,
> > > > > >mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and
> > mod_authzldap 0.22
> > > > > >
> > > > > >Every so often a PHP page is called with a POST request to
> > > > > >send data to the
> > > > > >server. The whole server area is protected via the following
> > > > > >settings in
> > > > > >ssl.conf:
> > > > > >
> > > > > >
> > > > > > Options Indexes FollowSymLinks ExecCGI
> > > > > > DirectoryIndex index.php index.cgi
> > > > > > SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
> > > > > >StrictRequire StdEnvVars OptRenegotiate
> > > > > >
> > > > > > SSLRequireSSL
> > > > > > SSLVerifyClient require
> > > > > > SSLVerifyDepth 4
> > > > > > SSLRequire ( \
> > > > > > %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
> > > > > > %{SSL_CLIENT_I_DN_CN} eq "my CA" )
> > > > > >
> > > > > > AuthzLDAPEngine on
> > > > > > AuthzLDAPAuthoritative on
> > > > > > AuthzLDAPServer localhost:389
> > > > > > AuthzLDAPBindDN
> > > > "cn=manager,dc=mydomain,dc=com"
> > > > > > AuthzLDAPBindPassword "terriblysecret"
> > > > > > AuthzLDAPUseCertificate on
> > > > > > AuthzLDAPSetAuthorization on
> > > > > > AuthzLDAPUseSerial on
> > > > > > AuthzLDAPMapBase
> > > > > >ou=AuthzLDAPCertmap,dc=mydomain,dc=com
> > > > > > AuthzLDAPMapScope subtree
> > > > > > AuthzLDAPLogLevel warn
> > > > > > AuthzLDAPCacheConnection off
> > > > > > AuthzLDAPCacheSize 0
> > > > > > AuthName AuthzLDAP
> > > > > > AuthType Basic
> > > > > >
> > > > > >
> > > > > >and with the following require in .htaccess of the
> > same directory:
> > > > > >
> > > > > > require user "CN=Jan-Piet Mens/Email=jpm@mydomain.com"
> > > > > >
> > > > > >GET operations always work perfectly (BTW almost all resources
> > > > > >are .PHP).
> > > > > >Once in a while a POST method is attempted which then
> > > > > >sometimes fails (not
> > > > > >always). When it has failed, subsequent GET methods on
> > > > > >different pages do
> > > > > >not work either. After a certain time which always differs,
> > > > > >the GET will work
> > > > > >and the following POST also.
> > > > > >
> > > > > >I've tried changing SSLSessionCache to `shm' and SSLMutex to
> > > > > >`sem' thinking
> > > > > >it had something to do with it, but to no avail. The value of
> > > > > >SSLSessionCacheTimeout
> > > > > >doesn't seem to matter either.
> > > > > >
> > > > > >At the time of the failure, the logs have this in them:
> > > > > >
> > > > > >error_log:
> > > > > > [Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
> > > > > >(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
> > > > > >resuming normal operations
> > > > > > [Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
> > > > > >in conjunction with POST method not supported!
> > > > > > hint: try SSLOptions +OptRenegotiate
> > > > > >
> > > > > >access_log:
> > > > > > 10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST
> > > > > >/ca/ra/upd.php HTTP/1.1" 405 312
> > > > > > 10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET
> > > > > >/ca/ra/req.php HTTP/1.1" 403 292
> > > > > > 10.0.0.1 - CN=Jan-Piet Mens/Email=jpm@mydomain.com
> > > > > >[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php
> > HTTP/1.1" 200 4936
> > > > > >
> > > > > >ssl_request_log:
> > > > > > [17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
> > > > > >"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-", issuer="-"
> > > > > >
> > > > > >The clients are a mixture of Mozilla 1.2 and Internet
> > > > Explorer 6.0 all
> > > > > >with a client cert issued by my CA. The issue affects both
> > > > > >clients (Netscape
> > > > > >4.5 shows the same)
> > > > > >
> > > > > >Can someone help me resolve this, please ?
> > > > > >
> > > > > >Thank you very much.
> > > > > >Regards,
> > > > > > -JP
> > > > > >
> > > > >
> > > > >___________________________________________________________ __
> > > > _________
> > > > > >Apache Interface to OpenSSL (mod_ssl)
> > > > www.modssl.org
> > > > > >User Support Mailing List
> > > > modssl-users@modssl.org
> > > > > >Automated List Manager
> > > > majordomo@modssl.org
> > > > > >
> > > > >
> > > > > This message is for the named person's use only. It may contain
> > > > > confidential, proprietary or legally privileged information. No
> > > > > confidentiality or privilege is waived or lost by any
> > > > mistransmission.
> > > > > If you receive this message in error, please notify the
> > > > sender urgently
> > > > > and then immediately delete the message and any copies of
> > > > it from your
> > > > > system. Please also immediately destroy any hardcopies of
> > > > the message.
> > > > > You must not, directly or indirectly, use, disclose,
> > > > distribute, print,
> > > > > or copy any part of this message if you are not the
> > > > intended recipient.
> > > > > The sender's company reserves the right to monitor all e-mail
> > > > > communications through their networks. Any views
> > expressed in this
> > > > > message are those of the individual sender, except
> > where the message
> > > > > states otherwise and the sender is authorised to state them
> > > > to be the
> > > > > views of the sender's company.
> > > > >
> > > >
> > ____________________________________________________________ __________
> > > > > Apache Interface to OpenSSL (mod_ssl)
> > > > www.modssl.org
> > > > > User Support Mailing List
> > > > modssl-users@modssl.org
> > > > > Automated List Manager
> > > > majordomo@modssl.org
> > > > >
> > > >
> > > >
> > ____________________________________________________________ __________
> > > > Apache Interface to OpenSSL (mod_ssl)
> > www.modssl.org
> > > > User Support Mailing List
> > modssl-users@modssl.org
> > > > Automated List Manager
> > majordomo@modssl.org
> > > >
> > >
> > > -
> > >
> > > NOTICE: The information contained in this email and any
> > attachments is
> > > confidential and may be legally privileged. If you are not the
> > > intended recipient you are hereby notified that you must not use,
> > > disclose, distribute, copy, print or rely on this email's
> > content. If
> > > you are not the intended recipient, please notify the sender
> > > immediately and then delete the email and any attachments from your
> > > system.
> > >
> > > RNIB has made strenuous efforts to ensure that emails and any
> > > attachments generated by its staff are free from viruses.
> > However, it
> > > cannot accept any responsibility for any viruses which are
> > > transmitted. We therefore recommend you scan all attachments.
> > >
> > > Please note that the statements and views expressed in this email
> > > and any attachments are those of the author and do not necessarily
> > > represent those of RNIB.
> > >
> > > RNIB Registered Charity Number: 226227
> > >
> > > Website: http://www.rnib.org.uk
> > >
> > ____________________________________________________________ __________
> > > Apache Interface to OpenSSL (mod_ssl)
> > www.modssl.org
> > > User Support Mailing List
> > modssl-users@modssl.org
> > > Automated List Manager
> > majordomo@modssl.org
> > >
> >
> > ____________________________________________________________ __________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List modssl-users@modssl.org
> > Automated List Manager majordomo@modssl.org
> >
>
> -
>
> NOTICE: The information contained in this email and any attachments is
> confidential and may be legally privileged. If you are not the
> intended recipient you are hereby notified that you must not use,
> disclose, distribute, copy, print or rely on this email's content. If
> you are not the intended recipient, please notify the sender
> immediately and then delete the email and any attachments from your
> system.
>
> RNIB has made strenuous efforts to ensure that emails and any
> attachments generated by its staff are free from viruses. However, it
> cannot accept any responsibility for any viruses which are
> transmitted. We therefore recommend you scan all attachments.
>
> Please note that the statements and views expressed in this email
> and any attachments are those of the author and do not necessarily
> represent those of RNIB.
>
> RNIB Registered Charity Number: 226227
>
> Website: http://www.rnib.org.uk
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: POST with mod_ssl intermittently fails with a 405

Thank you, Wolf-Dietrich! You are right. The bug documents my problem
exactly. I'm disappointed that there seems to be no solution...

Regards,
=09-JP


On Tue, 17 Dec 2002, Moeller Wolf-Dietrich wrote:

> This error might be related to bug
> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3D12355
> ,
> as your error message
> > > >=09[Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
> > > >in conjunction with POST method not supported!
> > > >=09hint: try SSLOptions +OptRenegotiate
> suggests.
>
> My interpretation (not sure).
> On an existing SSL connection (established with a GET request), subsequen=
t
> POSTs are possible.
> But after timeout of this connection, if the first request for the new
> establishment of connection is POST, it sometimes (or always?) fails.
> Therefor the intermittend error only.
>
> You can produce this error always, if you do "Verify client" for single
> directories only, not for the whole server.
>
> By the way: The hint with +OptRenegotiate does not help for the above bug=

>
> Hope it helps.
> Wolf
>
> ----------------------------------------
> Dr. Wolf-Dietrich Moeller
> Siemens AG, CT IC 3, D-81730 München
> Corporate Technology Department Security
> Mch P, Tel. +49 89 636-53391, Fax -48000
> mailto:HYPERLINK
> "mailto:wolf-dietrich.moeller@siemens.com"wolf-dietrich.moel ler@siemens.c=
om
>
> Intranet https://security.ct.siemens.de/ >
>
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

win32 binary build question

I am new to Apache. I have a window 2000 and want to install apache with
SSL. I found the
http://tor.ath.cx/~hunter/apache/Apache_2.0.43-OpenSSL_0.9.6 g-Win32.zip from
Hunter's site (thanks to Hunter). I've configured the httpd.conf and
ssl.conf. I got the security cert as well.

After I started the apache(bin\apache -k start), the server started fine
without error(no error in error log), but the HTTPS failed when I tried to
retrieve pages from HTTPS. I think something maybe wrong in my ssl.conf.

Can someone give suggestions or provide a sample ssl.conf?

Thanks a lot,

Dawn Sun


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org