Re: Client Authentication POST Problem

On Sat, Dec 25, 2004 at 10:52:27PM -0500, Cliff Woolley wrote:
> On Sat, 25 Dec 2004, Adolfo Bello wrote:
> 
> > I heartily agree.
> > Unfortunately, I've been waiting for more than a year for this problem
> > to be fixed in Apache 2.0.x :-(
> > This bug was opened on 2002-09-06
> > http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12355
> 
> Usually the trick to getting something really done around here is to keep
> reminding somebody until it really gets their attention.  :)  Anyway I'll
> forward this on to dev@httpd, and maybe we'll get a taker.

It's a particularly annoying problem.  The solution in mod_ssl-for-1.3
is not really ideal (it allows a DoS attack of sorts); I spent some time
working on a better solution for 2.0 but it didn't seem feasible in the
end.  It remains on my list of "hard problems to fix" as time permits...

joe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@xxxxxxxxxx
Automated List Manager                            majordomo@xxxxxxxxxx