From: Doug MacEachern Date: Tue, 11 Jun 2002 03:19:27 +0000 (+0000) Subject: PR: X-Git-Tag: 2.0.37~5 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=db7a29e3b7168c7aa454443d9237bc89c902f656;p=apache PR: Obtained from: Submitted by: Reviewed by: allow POST method over SSL when per-directory client cert authentication is used with 'SSLOptions +OptRenegotiate' enabled and a client cert was found in the ssl session cache. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95602 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 45fe399804..7ba4e0d755 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,9 @@ Changes with Apache 2.0.37 + *) allow POST method over SSL when per-directory client cert + authentication is used with 'SSLOptions +OptRenegotiate' enabled + and a client cert was found in the ssl session cache. + *) 'SSLOptions +OptRengotiate' will use client cert in from the ssl session cache when there is no cert chain in the cache. prior to the fix this situation would result in a FORBIDDEN response and diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index 9b180dffba..9274298e55 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -673,10 +673,11 @@ int ssl_hook_Access(request_rec *r) * * !! BUT ALL THIS IS STILL NOT RE-IMPLEMENTED FOR APACHE 2.0 !! */ - if (renegotiate && (r->method_number == M_POST)) { + if (renegotiate && !renegotiate_quick && (r->method_number == M_POST)) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, "SSL Re-negotiation in conjunction " - "with POST method not supported!"); + "with POST method not supported!\n" + "hint: try SSLOptions +OptRenegotiate"); return HTTP_METHOD_NOT_ALLOWED; }