On 11/18/2009 08:32 PM, Jean-Marc Desperrier wrote: > Stefan Fritsch wrote: >> I cannot reproduce the problems. With an openssl that rejects all >> renegotiations, both reconnections after ssl session timeout and >> connections to a host with sslverifyclient optional work fine (with >> openssl s_client). > > I have now succeeded in reproducing at least partially the > "SSLVerifyClient optional" problem, though what I'm testing in not > exactly the same as you. > > I'm testing that with a server where the vhost context has > "SSLVerifyClient None" and a /authentication directory has > "SSLVerifyClient optional", requests that alternate between these two > directory will repeatedly require authentication even when you have > already authenticated yourself inside the same SSL session.
Have you tried if this goes away when you set OptRenegotiate for SSLOptions http://httpd.apache.org/docs/2.2/en/mod/mod_ssl.html#ssloptions ? Regards RĂ¼diger
