apache 1.3.6
openssl .9.3a
modssl 2.3.4
Interestingly enough, I found the exact same problem this morning. I'm
just writing our first cgi to require client certificates, and if the form
to be submitted is a get to the GET method, all is fine. Set it to post,
and I get an I/O error on the browser. My ssl_engine_log has the following
entries :
[22/Jul/1999 05:14:17] [info] Connection to child 6 established (server
dserver.ic.gc.ca:443)
[22/Jul/1999 05:14:18] [info] Connection: Client IP: 142.53.67.60,
Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
[22/Jul/1999 05:14:18] [info] Initial (No.1) HTTPS request received for
child 6 (server dserver.ic.gc.ca:443)
[22/Jul/1999 05:14:18] [info] Requesting connection re-negotiation
[22/Jul/1999 05:14:18] [info] Awaiting re-negotiation handshake
[22/Jul/1999 05:14:18] [error] Re-negotiation handshake failed: Not
accepted by client!?
[22/Jul/1999 05:14:18] [error] SSL error on reading data (OpenSSL library
error follows)
[22/Jul/1999 05:14:18] [error] OpenSSL: error:140940F5:SSL
routines:SSL3_READ_BYTES:unexpected record
[22/Jul/1999 05:14:18] [error] SSL error on writing data (OpenSSL library
error follows)
[22/Jul/1999 05:14:18] [error] OpenSSL: error:140940F5:SSL
routines:SSL3_READ_BYTES:unexpected record
[22/Jul/1999 05:14:18] [info] Connection to child 6 closed with standard
shutdown (server dserver.ic.gc.ca:443)
Netscape 4.03 on Linux is what I'm using for a browser. However, it
appears to work on IE 4.0.
As well, starting with a fresh browser I found that when the methos is set
to post, the browser never even asks for the user cert.
Perhaps the Netscape browser is having problems with reposting the data
for the CGI in renegotiation, as the data does not have to be reposted
when you use a get?
Jeff
On Thu, 22 Jul 1999 [EMAIL PROTECTED] wrote:
> On Wed, Jul 21, 1999, [EMAIL PROTECTED] wrote:
>
> > Full_Name: Dario Castagnino
> > Version: 2.2.4
> > OS: Linux 2.0.36
> > Submission from: (NULL) (200.1.228.95)
> >
> > We are using Mod_ssl & Open_ssl with Apache server 1.3.4.
> > We are having problems when we try to use the post method
> > to communicate to programs via CGI.
> >
> > When the browser tries to make the post, it pops a window saying:
> > an I/O error ocurred during security authorization.
> > We do not get the error when we use GET method.
> >
> > We tried to solve it by changing the executables permissions so that
> > everybody can execute, read and write on them. After that the error
> > persisted on some programs , but not all of them. Also on the programs
> > that worked, it also failed from time to time.
> >
> > The error_logs of the apache shows nothing about the problem.
> > Also if we try the same applications with no ssl (apache without ssl)
> > there are no problems at all.
> >
> > Any help on this will be appreciated
>
> Changes with mod_ssl 2.2.5 (04-Mar-1999 to 18-Mar-1999)
>
> *) Fixed the POST-problem where kept-alive HTTPS connections hang or
> resulted in an I/O error inside the browser because the ``SSL close
> notify'' alert couldn't be sent correctly because of Apache's internal
> ``lingering close'' handling. EAPI was changed to now correctly call the
> close_connection module hook also on timeout and linger closes. This
> EAPI change means you cannot upgrade your libssl.so with --with-apxs to
> this version. A complete Apache rebuild with the updated EAPI code is
> necessary.
> Ralf S. Engelschall
> [EMAIL PROTECTED]
> www.engelschall.com
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
