Re: [BugDB] Personal Certificate Cache Problems (PR#107)

Fri, 19 Feb 1999 07:34:26 -0500 


> > > The apache web server is configured to require client certificates 
> > > to access.
> > > 
> > > The first time i access apache with Netscape 4.08, i have to indicate
> > > only the first which client certificate i will use until timeout 
> > > expires.
> > > 
> > > Then, when i close the netscape browser and start again, the apache asks
> > > the client certificate always.
> > 
> > Sure, Apache asks for a new certificate whenever the client cannot resume the
> > SSL session by giving a still valid session id. And as it looks Netscape
> > reasonably doesn't cache SSL sessions over restart time.
> 
> I don?t explain well. After the second restart, the  Netscape couldn?t cache
> SSL sessions in the same session.
> 
> > > In the MSIE 4.x everything is working fine.
> > 
> > You mean MSIE caches the session ids over restarts. This means it has to write
> > them down to disk. And this can perhaps even considered as a security problem.
> 
> MSIE doesn?t cache the session ids over restarts. I mean that it caches
> sessions ids in the same session.
> 
> > > Do you know what could be the problem ?? I'm i doing something wrong in 
> > > the apache configuration ?
> > 
> > No, neither you, nor Apache nor Netscape does anything wrong.  It's the way it
> > should be: As long as the browser is running it can hold the established
> > session id in core. When it's restarted a new session has to established and
> > when you require client authentication a new authentication has to be
> > performed. 
> > 
> > What's wrong is IMHO Microsoft...
> 
> I'm asking you again, what i'm doing wrong ?

Sorry, but seems like it's still not clear what exactly is your situation and
problem. Please explain it once more in more detail: At which times does it
work, at which time the browser restarts occurs and at which time it then no
longer work, i.e.  when exactly is the authentication redone while you excpect
it not to be done?
                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]

Reply via email to