I've upgraded to 0.9.6h and recompiled Apache. No change. Still get the
hint in the error_log. Any other ideas ?
-JP
On Tue, 17 Dec 2002, Boyle Owen wrote:
> Your openSSL libs are a bit old - there have been many important code
> updates since 0.9.6b. In particular, the most recent update (0.9.6h)
> fixed race condition bugs that were causing intermittent failures. Try
> an upgrade first, I would advise...
>
> Rgds,
>
> Owen Boyle
>
> >-----Original Message-----
> >From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]]
> >Sent: Dienstag, 17. Dezember 2002 16:07
> >To: [EMAIL PROTECTED]
> >Subject: POST with mod_ssl intermittently fails with a 405
> >
> >
> >Hello,
> >
> >I've got an self-built Apache on a RedHat 7.3 Linux box with
> >Apache/2.0.43,
> >mod_ssl/2.0.43, OpenSSL/0.9.6b, PHP/4.2.3 and mod_authzldap 0.22
> >
> >Every so often a PHP page is called with a POST request to
> >send data to the
> >server. The whole server area is protected via the following
> >settings in
> >ssl.conf:
> >
> ><Directory /var/www/html/ca>
> > Options Indexes FollowSymLinks ExecCGI
> > DirectoryIndex index.php index.cgi
> > SSLOptions FakeBasicAuth ExportCertData CompatEnvVars
> >StrictRequire StdEnvVars OptRenegotiate
> >
> > SSLRequireSSL
> > SSLVerifyClient require
> > SSLVerifyDepth 4
> > SSLRequire ( \
> > %{SSL_CIPHER} !~ m/^(EXP|NULL)/ and \
> > %{SSL_CLIENT_I_DN_CN} eq "my CA" )
> >
> > AuthzLDAPEngine on
> > AuthzLDAPAuthoritative on
> > AuthzLDAPServer localhost:389
> > AuthzLDAPBindDN "cn=manager,dc=mydomain,dc=com"
> > AuthzLDAPBindPassword "terriblysecret"
> > AuthzLDAPUseCertificate on
> > AuthzLDAPSetAuthorization on
> > AuthzLDAPUseSerial on
> > AuthzLDAPMapBase
> >ou=AuthzLDAPCertmap,dc=mydomain,dc=com
> > AuthzLDAPMapScope subtree
> > AuthzLDAPLogLevel warn
> > AuthzLDAPCacheConnection off
> > AuthzLDAPCacheSize 0
> > AuthName AuthzLDAP
> > AuthType Basic
> ></Directory>
> >
> >and with the following require in .htaccess of the same directory:
> >
> > require user "CN=Jan-Piet [EMAIL PROTECTED]"
> >
> >GET operations always work perfectly (BTW almost all resources
> >are .PHP).
> >Once in a while a POST method is attempted which then
> >sometimes fails (not
> >always). When it has failed, subsequent GET methods on
> >different pages do
> >not work either. After a certain time which always differs,
> >the GET will work
> >and the following POST also.
> >
> >I've tried changing SSLSessionCache to `shm' and SSLMutex to
> >`sem' thinking
> >it had something to do with it, but to no avail. The value of
> >SSLSessionCacheTimeout
> >doesn't seem to matter either.
> >
> >At the time of the failure, the logs have this in them:
> >
> >error_log:
> > [Tue Dec 17 15:38:21 2002] [notice] Apache/2.0.43
> >(Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b PHP/4.2.3 configured --
> >resuming normal operations
> > [Tue Dec 17 15:48:08 2002] [error] SSL Re-negotiation
> >in conjunction with POST method not supported!
> > hint: try SSLOptions +OptRenegotiate
> >
> >access_log:
> > 10.0.0.1 - - [17/Dec/2002:15:48:08 +0100] "POST
> >/ca/ra/upd.php HTTP/1.1" 405 312
> > 10.0.0.1 - - [17/Dec/2002:15:48:28 +0100] "GET
> >/ca/ra/req.php HTTP/1.1" 403 292
> > 10.0.0.1 - CN=Jan-Piet [EMAIL PROTECTED]
> >[17/Dec/2002:15:49:21 +0100] "GET /ca/ra/req.php HTTP/1.1" 200 4936
> >
> >ssl_request_log:
> > [17/Dec/2002:15:48:08 +0100] 10.0.0.1 TLSv1 RC4-MD5
> >"POST /ca/ra/upd.php HTTP/1.1" 312 s_dn="-", issuer="-"
> >
> >The clients are a mixture of Mozilla 1.2 and Internet Explorer 6.0 all
> >with a client cert issued by my CA. The issue affects both
> >clients (Netscape
> >4.5 shows the same)
> >
> >Can someone help me resolve this, please ?
> >
> >Thank you very much.
> >Regards,
> > -JP
> >
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> >User Support Mailing List [EMAIL PROTECTED]
> >Automated List Manager [EMAIL PROTECTED]
> >
>
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify the sender urgently
> and then immediately delete the message and any copies of it from your
> system. Please also immediately destroy any hardcopies of the message.
> You must not, directly or indirectly, use, disclose, distribute, print,
> or copy any part of this message if you are not the intended recipient.
> The sender's company reserves the right to monitor all e-mail
> communications through their networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorised to state them to be the
> views of the sender's company.
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
