Re: SSL renegotiation

From: Martin v. Löwis <martin_at_v.loewis.de>
Date: 2003-05-13 23:29:49 CEST

Joe Orton <joe@manyfish.co.uk> writes:

> If I understand the code correctly, this will not work properly with the
> current port of mod_ssl to Apache 2.0 - there is a big comment in
> ssl_engine_kernel.c talking about how renegotiations aren't supported
> for requests with bodies. (it talks about POST, but I don't see why it
> wouldn't apply to any request with a body, such as the PROPFIND being
> used here)

I see. So this is not a problem of the svn client not responding to
the renegotiation, but a problem with Apache not offering one. Thanks
for this investigation.

> You might like to try using:
>
> SSLVerifyClient optional
[...]
> I'd be interested to hear whether that works!

I will sure try. The downside is that all SSL traffic to that server
will cause a popup to appear asking users what certificate they want
to use, when they really don't need to authenticate for some of the
resources (or will use basic authentication).

Regards,
Martin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue May 13 23:30:59 2003

This message: [ Message body ]
Next message: Philipp von Weitershausen: "[PATCH] SWIG bindings refactoring (esp. python)"
Previous message: kfogel_at_collab.net: "Re: iteration pools and 'continue'"
In reply to: Joe Orton: "Re: SSL renegotiation"
Next in thread: Martin v. Löwis: "Re: SSL renegotiation"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]