My server cert from thawte just arrived, and I installed it, stopped
apache, and restarted it. I went in to my Netscape "security" dialog
and deleted my existing server cert (before reloading the page with the
real cert). I reloaded an SSL page, and it worked (yay!). I then tried
to POST to a CGI script and it failed.
In addition, POST's seem to fail when the CGI script tries to send a
"Location: " header back instead of generating the content itself. I've
written a script that exibits this behavior, as well as forms that GET
and POST to this script. As you can see for yourself, GET works, and
HTTP works. POST with HTTPS fails. If anyone can get these scripts to
work with their browser, please let me know which browser you are using.
If anyone would like to copy these files onto their own server, and can
get them to work, I'd love to hear about it. The forms are here:
www.duluoz.net/get.html
www.duluoz.net/post.html
just add a http:// or https:// as appropriate. You'll also need
username: duluoz
password: immortality
for the http:// URL's
if the script is successful, you should simply be forwarded to my main
page. I may not be *truly* knowledgable about the internals of mod_ssl,
but I'm doing my best to provide useful information to those who are.
-mike
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
