SSLVerifyClient and apache Alias

Hello,

We're setting up a site with client authentication and are using Apache
1.3 and mod_ssl for that.

We are using the Apache Alias command to make all requests to a certain
URL pass through a PHP script.
The web dir where the script is located is protected by SSLVerifyClient
require.

When I address a directory beyond the alias definition (which then is
passed through the PHP script), the client will get an SSL certificate
selection box.
When I authenticate with a correct SSL client cert, all is well,
everything works as it should work.
When I authenticate with a wrong SSL client cert, I *should* get a
forbidden, page not found or something alike.

The problem is the following:
In this last example, I DO get the page in front of me, but only the
first time; on a refresh/reload of the page I get a forbidden.
It seems that only the initial request with a wrong certificate is
allowed to the Apache Alias; after that everything is denied.

Here is a small piece of my configuration.

Alias /protected/dynamic /website/docroot/protected/dynamic/index.php
<Directory /website/docroot/protected>
    SSLVerifyClient require
    SSLVerifyDepth 2
</Directory>

Without the alias definition, everything does work as it should. The
alias definition is causing the problem (but we kind of need it).
Am I doing something wrong? Does the Alias definition need special
treatment within the SSL config?

Regards,
Tom Duijf
Cee-Kay

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org
Tom Duijf [ Fri, 18 June 2004 16:03 ] [ ID #147694 ]