DO NOT REPLY [Bug 39243] - Can't post files larger than 128k onto ssl client cert secured site

[bu...@apache.org]

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39243>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=39243


rocketraman@fastmail.fm changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rocketraman@fastmail.fm




------- Additional Comments From rocketraman@fastmail.fm  2007-07-15 09:47 -------
I am running httpd 2.2.3 on CentOS 5.

This problem also affects SugarCRM attachment uploads. The login page for
SugarCRM uses a GET request, so the renegotiation should be fine, but users
report that sometimes the attachment upload still fails with this error. Perhaps
the client-certificate SSL session times out or something, which forces httpd to
renegotiate again? If so, this is yet another use case that supports adding a
configurable per-location buffer directive.

I can find no work-around for this other than setting "SSLVerifyClient require"
at the virtual host level. However, we have good reasons to *not* set
"SSLVerifyClient require" at the virtual host level, since many of our SSL
services do not require client certs. As stated in the docs, "SSLVerifyClient
optional" doesn't work for all clients (e.g. WebDAV on win2k for one).

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org