Posted to bugs@httpd.apache.org by bu...@apache.org on 2006/03/30 15:46:36 UTC
DO NOT REPLY [Bug 39154] New: - Problem with webdav over SSL with client certificate authentication
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39154>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39154
Summary: Problem with webdav over SSL with client certificate authentication
Product: Apache httpd-2
Version: 2.2.0
Platform: All
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: mod_ssl
AssignedTo: bugs@httpd.apache.org
ReportedBy: gmeinusch@yahoo.de
I have a problem with apache 2.2.0 + mod_ssl and mod_dav.
If I try to upload a file over a Client-Certificate secured connection to a
Webdav-folder on the Apache-Server, I get an unspecified error on the Webdav-client
(MS Explorer) and a "request body exceeds maximum size for SSL buffer" error on
the Apache-side.
If I take off the Client-Certificate-Authentication everything works fine.
I think that is a bug in the mod_ssl module.
Thanks
Gregory
----------------
Logfile:
Error.log
[Thu Mar 30 13:25:26 2006] [error] [client 217.228.63.33] request body exceeds maximum size for SSL buffer
[Thu Mar 30 13:25:26 2006] [error] [client 217.228.63.33] could not buffer message body to allow SSL renegotiation to proceed
access.log
217.228.63.33 - - [30/Mar/2006:13:25:15 +0200] "PROPFIND /freunde/upload/test HTTP/1.1" 207 853 "-" "Microsoft Data Access Internet Publishing Provider DAV"
217.228.63.33 - - [30/Mar/2006:13:25:15 +0200] "PROPFIND /freunde/upload/test HTTP/1.1" 207 963 "-" "Microsoft Data Access Internet Publishing Provider DAV"
217.228.63.33 - - [30/Mar/2006:13:25:20 +0200] "HEAD /freunde/upload/test/test.jpg HTTP/1.1" 404 - "-" "Microsoft Data Access Internet Publishing Provider DAV"
217.228.63.33 - - [30/Mar/2006:13:25:20 +0200] "PUT /freunde/upload/test/test.jpg HTTP/1.1" 413 1090 "-" "Microsoft Data Access Internet Publishing Provider DAV"
----------------
Configuration:
http.conf:
. . .
<VirtualHost 80.xx.xx.xx:443>
  ServerName www.xxxxxxx.de
  DocumentRoot /home/xxxxxxx.de/httpsdocs
  CustomLog /home/xxxxxxx.de/statistics/logs/access_ssl.log
  CustomLog /home/xxxxxxx.de/statistics/logs/request_ssl.log \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  ErrorLog /home/xxxxxxx.de/statistics/logs/error_ssl.log
  SSLEngine on
  SSLOptions +StrictRequire
  . . .
  DavLockDB /home/xxxxxx.de/conf/webdav/lockdb
  Alias /freunde/upload /home/xxxxxx.de/webdav/freunde
  <Directory /home/xxxxxx.de/webdav/freunde>
    SSLVerifyClient require
    SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)/ and %{SSL_CLIENT_S_DN_O} eq "Xxxxxx" && %{SSL_CLIENT_S_DN_CN} in {"Gregor Meinusch"} )
    Dav On
    <LimitExcept GET HEAD OPTIONS>
    </LimitExcept>
    Options +SymLinksIfOwnerMatch -Includes -ExecCGI
  </Directory>
  . . .
</virtualhost>
Ssl-global.conf
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
#SSLSessionCache nonenotnull
#SSLSessionCache dbm:/var/lib/apache2/ssl_cache
#SSLSessionCache shmht:/var/lib/apache2/ssl_scache(512000)
#SSLSessionCache shm:/var/lib/apache2/ssl_cache(512000)
SSLSessionCache shmcb:/var/lib/apache2/ssl_scache
SSLSessionCacheTimeout 600
SSLMutex file:/var/lib/apache2/ssl_mutex
SSLMutex sem
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLProtocol all -SSLv2
SSLCertificateFile /home/xxxxxx.de/conf/certificates/www.xxx.de.cert
SSLCertificateKeyFile /home/xxxxxx.de/conf/certificates/www.xxx.de.key
SSLCACertificateFile /home/xxxxxx.de/conf/certificates/cacerts.pem
SSLVerifyDepth 2
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 39154] - Problem with webdav over SSL with client certificate authentication
Posted by bu...@apache.org.
------- Additional Comments From gmeinusch@yahoo.de 2006-03-31 07:12 -------
Thank you! Now it works perfectly!
DO NOT REPLY [Bug 39154] - Problem with webdav over SSL with client certificate authentication
Posted by bu...@apache.org.
rpluem@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE
------- Additional Comments From rpluem@apache.org 2006-03-30 21:16 -------
This does not work on directory level with large files, because we currently do
not buffer the request body on disk but only 128k at max in memory. Moving
SSLVerifyClient require to virtual host level will make it work (see also PR12355)
*** This bug has been marked as a duplicate of 12355 ***
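A configuration check for the condition explained in the reply above, as an added example that is not part of the original thread or of Apache httpd: it flags SSLVerifyClient set inside a per-directory container, the placement that forces the renegotiation and request-body buffering seen in the error log. The function name, the address and the paths in the two constructed samples are assumptions made for the example.

```python
import re

# Containers evaluated per request path, i.e. after the TLS handshake is done.
PER_DIR = {"directory", "directorymatch", "location", "locationmatch",
           "files", "filesmatch"}
TAG = re.compile(r"<\s*(/?)\s*(\w+)([^>]*)>")

def per_directory_client_auth(conf_text):
    """Return (line_no, container) for each SSLVerifyClient other than 'none'
    that is set inside a per-directory container."""
    findings, stack = [], []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag = TAG.match(line)
        if tag:
            closing, name, arg = tag.groups()
            if not closing:
                stack.append((name, arg.strip()))
            elif stack:
                stack.pop()  # assumes well-nested containers
            continue
        words = line.lower().split()
        if words[0] == "sslverifyclient" and words[1:2] != ["none"]:
            for name, arg in reversed(stack):
                if name.lower() in PER_DIR:
                    findings.append((line_no, f"<{name} {arg}>"))
                    break
    return findings

# Constructed sample: the reported layout, condensed, with placeholder values.
BEFORE = """\
<VirtualHost 192.0.2.10:443>
<Directory /srv/webdav/upload>
SSLVerifyClient require
Dav On
</Directory>
</VirtualHost>
"""
# Constructed sample: the layout recommended in the reply.
AFTER = """\
<VirtualHost 192.0.2.10:443>
SSLVerifyClient require
<Directory /srv/webdav/upload>
Dav On
</Directory>
</VirtualHost>
"""
```

With the directive at virtual host level, every request to that virtual host has to present a client certificate, not only requests to the WebDAV directory.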