El Martes, 30 de Diciembre de 2008 17:53:42 krist.vanbesien@xxxxxxxxx escribió: > On 12/30/08, Miguel Angel Tormo Alfaro <mlists@xxxxxxxxx> wrote: > > > I thought it could be a browser issue, however the same config in apache 2.0 > > doesn't behave this way. On the other hand I'm able to reproduce the problem > > with firefox 2, 3, seamonkey 1.1.7 and konqueror. I don't see anything > > related to this in the apache logs. I've done many tests and now I have no > > clue about why it keeps asking for a certificate. It should be noted though > > that apache asks for the certificate only once, if I don't restart the > > browser or delete cookies. > > Are there other configuration directives in mod_ssl besides SSLVerifyClient > > that may influence this behaviour? > > Which other SSL directives do you have in your config? Can you show it to us? > Thank you for your response. Here there are (taken from http://myserver/server-info) mod_ssl.conf: SSLRandomSeed startup file:/dev/urandom 512 SSLRandomSeed connect builtin SSLPassPhraseDialog builtin SSLSessionCache shmcb:/var/run/ssl_scache(512000) SSLSessionCacheTimeout 300 SSLMutex file:/var/run/ssl_mutex Default virtual host conf file: SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/apache2/ssl/cert.pem SSLCertificateKeyFile /etc/apache2/ssl/key.pem SSLCertificateChainFile /etc/apache2/ssl/ips.crt SSLVerifyClient none And in the virtual host conf file: SSLEngine On SSLCertificateFile /etc/apache2/ssl/cert.pem SSLCertificateKeyFile /etc/apache2/ssl/key.pem SSLCertificateChainFile /etc/apache2/ssl/ips.crt SSLVerifyClient none SSLOptions -ExportCertData -StdEnvVars +OptRenegotiate I have been playing with those SSLOptions (adding / removing, etc), but none of them seem to affect this strange behaviour. I'm using name based virtualhosts (one IP), so one certificate for all of them (I'm not relying on SNI as many browsers don't support it yet). It is very difficult to try new things as the error seems to be very random. Today for instance I've done a bunch of tries and it only asked for the certificate once. I've tried from 4 different computers with different browsers. On the other hand, may it be related to the SSLSessionCache? --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|