[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SSL renegotiation

From: Martin v. L÷wis <martin_at_v.loewis.de>
Date: 2003-05-13 23:29:49 CEST

Joe Orton <joe@manyfish.co.uk> writes:

> If I understand the code correctly, this will not work properly with the
> current port of mod_ssl to Apache 2.0 - there is a big comment in
> ssl_engine_kernel.c talking about how renegotiations aren't supported
> for requests with bodies. (it talks about POST, but I don't see why it
> wouldn't apply to any request with a body, such as the PROPFIND being
> used here)

I see. So this is not a problem of the svn client not responding to
the renegotiation, but a problem with Apache not offering one. Thanks
for this investigation.

> You might like to try using:
>
> SSLVerifyClient optional
[...]
> I'd be interested to hear whether that works!

I will sure try. The downside is that all SSL traffic to that server
will cause a popup to appear asking users what certificate they want
to use, when they really don't need to authenticate for some of the
resources (or will use basic authentication).

Regards,
Martin

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue May 13 23:30:59 2003

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.