SA-09-15 vs Apache with client certificates
Toomas Aas
toomas.aas at raad.tartu.ee
Mon Dec 7 18:23:54 UTC 2009
Toomas Aas wrote:
>
> Do I understand the "NOTE WELL" section of FreeBSD-SA-09:15 correctly
> that if I apply the patch then this functionality will no longer work?
>
Testing confims that my understanding is correct. I applied the patch and
authentication results in "ssl_error_handshake_failure_alert" returned by
Firefox, whereas the server logs "Re-negotiation handshake failed: Not
accepted by client!?". So I quickly reversed the patch.
I'm surprised more people aren't getting bitten by this.
--
Toomas Aas
... If you think nobody cares about you, try missing a couple of payments.
More information about the freebsd-questions
mailing list