httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Selim Seynur <Selim.Sey...@ENTRUST.COM>
Subject RE: [users@httpd] Requesting Client Certificate with Post Data
Date Wed, 12 Mar 2003 17:15:14 GMT
Hi,
 
I guess I have found a solution for my own problem.  Meanwhile, I can share
the knowledge as well :)
 
 <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355>
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355
 
It seems like a bug.
 
- Selim

-----Original Message-----
From: Selim Seynur [mailto:Selim.Seynur@entrust.com]
Sent: Tuesday, March 11, 2003 7:53 PM
To: 'users@httpd.apache.org'
Subject: [users@httpd] Requesting Client Certificate with Post Data


Hi,
 
I am using Apache 2.0.44 on Linux with mod_ssl.  I have the correct CA and
the server certificates setup properly.
I am trying to request and verify client certificate for a certain URL.  In
my setup, that URL (the cgi) has to be requested via POST.
I get the following error in error_log file:
 
[Tue Mar 11 19:51:25 2003] [error] SSL Re-negotiation in conjunction with
POST method not supported!
hint: try SSLOptions +OptRenegotiate

 
When I request the URL via GET, I get the Client Authentication window pop
up and things work (from Apache's view point)
 
My configuration entry looks as following under default SSL Virtual Host:
 
<Directory "/opt/web/cgi-bin">
    SSLOptions +StdEnvVars +OptRenegotiate
</Directory>
 
<Location /cgi-bin/TableManagerAdmin.pl>
SSLVerifyClient require
SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
            and %{SSL_CLIENT_S_DN_O} eq "MyOrg" \
            and %{SSL_CLIENT_S_DN_C} eq "US" \
            and %{SSL_CLIENT_M_SERIAL} eq "3DA12345" )
</Location>

Even though I put the +OptRenegotiate as the error_log file suggested, I
still get the same error.
 
The error on the browser is:
 
--------------------------


Method Not Allowed


The requested method POST is not allowed for the URL
/cgi-bin/TableManagerAdmin.pl.

-----------------------

Does anybody have any idea on this?  I really appreciate any input.
 
Thanks.
 
- Selim


Mime
View raw message