On Mon, 10 Jun 2002, Doug MacEachern wrote:
> i'd be surprised if 'SSLOptions +OptRengotiate' actually ever worked for
> anybody before this change, including the 1.3 based modssl which still has
> this issue.
i take that back a bit, i'd be surprised if it worked for anybody using
netscape 4.xx where you can see:
- click on the security lock icon
- click on "Navigator"
there is an option here "Certificate to identify you to a website"
the default is [Ask Every Time]
it is only an issue in that case, where the first request prompts for
client cert, any request after that with SSLSessionCache results in
FORBIDDEN with the "Cannot find peer certificate chain" error_log message.
this is not a problem when the netscape option is changed to
[Select Automatically]
which i think newer versions do by default, same with IE and likely other
clients.
