PR:

Obtained from:
Submitted by:
Reviewed by:
allow POST method over SSL when per-directory client cert
authentication is used with 'SSLOptions +OptRenegotiate' enabled
and a client cert was found in the ssl session cache.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95602 13f79535-47bb-0310-9956-ffa450edef68

CHANGES

@@ -1,5 +1,9 @@
 Changes with Apache 2.0.37
 
+  *) allow POST method over SSL when per-directory client cert
+     authentication is used with 'SSLOptions +OptRenegotiate' enabled
+     and a client cert was found in the ssl session cache.
+
   *) 'SSLOptions +OptRengotiate' will use client cert in from the ssl
      session cache when there is no cert chain in the cache.  prior to
      the fix this situation would result in a FORBIDDEN response and

modules/ssl/ssl_engine_kernel.c

@@ -673,10 +673,11 @@ int ssl_hook_Access(request_rec *r)
      *
      * !! BUT ALL THIS IS STILL NOT RE-IMPLEMENTED FOR APACHE 2.0 !!
      */
-    if (renegotiate && (r->method_number == M_POST)) {
+    if (renegotiate && !renegotiate_quick && (r->method_number == M_POST)) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
                      "SSL Re-negotiation in conjunction "
-                     "with POST method not supported!");
+                     "with POST method not supported!\n"
+                     "hint: try SSLOptions +OptRenegotiate");
 
         return HTTP_METHOD_NOT_ALLOWED;
     }