I'm using client certificates to control access to specific sections of a site.
The relevant parts of the config include:
SSLVerifyClient none
SSLCACertificateFile "/home/apache/certs/client_ca.crt"
in the main part of the ssl config, and then
SSLVerifyClient require
SSLVerifyDepth 1
in the location section that covers that part of the site that certificates are needed for
This appears to be working, but I am getting an unwanted entries in the error log.
For example, when connecting from Chrome I get:
[Wed Nov 17 03:54:17 2010] [error] [client x.x.x.x] Re-negotiation handshake failed: Not accepted by client!?
When connecting from IE I get:
[Wed Nov 17 03:51:57 2010] [error] [client x.x.x.x] Re-negotiation handshake failed: Not accepted by client!?
[Wed Nov 17 03:52:05 2010] [error] [client x.x.x.x] insecure SSL re-negotiation required, but a pipelined request is present; keepalive disabled
Is there anything I can do to stop these happening? The connections do seem to be working in that when you go to the relevant URL the browers to prompt for a certificate selection, and once that is done they are able to browser the site.
If there is nothing that can stop these errors, is there something that can be done to stop them from being logged - would rather not have the error log filling up with something that does actaully seem to be working.
This is using Apache 2.2.15 and OpenSSL 0.9.8l
