Commit 5a2ea818 authored by Doug MacEachern's avatar Doug MacEachern
Browse files

PR: 

Obtained from:
Submitted by:
Reviewed by:
allow POST method over SSL when per-directory client cert
authentication is used with 'SSLOptions +OptRenegotiate' enabled
and a client cert was found in the ssl session cache.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95602 13f79535-47bb-0310-9956-ffa450edef68
parent b69309e9

CHANGES

+4 −0
Original line number Diff line number Diff line 
Changes with Apache 2.0.37













  *) allow POST method over SSL when per-directory client cert













     authentication is used with 'SSLOptions +OptRenegotiate' enabled













     and a client cert was found in the ssl session cache.



























  *) 'SSLOptions +OptRengotiate' will use client cert in from the ssl















     session cache when there is no cert chain in the cache.  prior to















     the fix this situation would result in a FORBIDDEN response and

































modules/ssl/ssl_engine_kernel.c



+3
−2






























Original line number
Diff line number
Diff line








@@ -673,10 +673,11 @@ int ssl_hook_Access(request_rec *r)













     *















     * !! BUT ALL THIS IS STILL NOT RE-IMPLEMENTED FOR APACHE 2.0 !!















     */













    if (renegotiate && (r->method_number == M_POST)) {













    if (renegotiate && !renegotiate_quick && (r->method_number == M_POST)) {















        ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,















                     "SSL Re-negotiation in conjunction "













                     "with POST method not supported!");













                     "with POST method not supported!\n"













                     "hint: try SSLOptions +OptRenegotiate");































        return HTTP_METHOD_NOT_ALLOWED;















    }