I pulled down the snapshot just now in the hope that it would include
a fix for a problem I was in the process of dealing with.
First the good news: it compiled and ran with no apparent hitches
under SunOS 5.6 (with mod_perl-1.21 and openssl 0.9.4)
Now, what for me was bad: A (perhaps known) bug (or at least
annoyance) is still in there. When you specify "SSLVerifyClient
required" within a <Directory ...> directive something gets confused
for CGI posts. This causes a 405 "Method Not Allowed - The requested
method POST is not allowed for the URL /cgi-auth/foo.pl." and in the
errors_log "[error] mod_ssl: SSL Re-negotiation in conjunction with
POST method not supported!" I saw several messages in the list
archive about what looked like this bug, but I was uncertain in many
cases. Partially because I believe the error messages I am seeing are
recent additions. This is the same error message and similar
configuration as bug ID #285 so it may be related, if not I can open a
new bug ID on it if that seems like the right thing to do.
Next, what I'm trying to do in case someone can suggest a workaround:
I would like to run two versions of my CGI script, one with
SSLVerifyClient "required" and one with "none". I've been doing this
for over a year now on seperate ports (and seperate VirtualHosts), but
one of my users just contacted me asking me to run the authenticated
service on 443 (the port I am using for noauth) since his company
firewalls the other port I chose. Is there a way I can get working
both types of POSTs on the same port number.
Incidentally I also tried setting the <VirtualServer ...> to
"required" and the <Directory ..> within it to be "none". In this
case it seemed to ignore the directive inside the <Directory ...> and
still take the user certificate in that directory.
Jer
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
