SA-09-15 vs Apache with client certificates

Toomas Aas toomas.aas at raad.tartu.ee
Mon Dec 7 18:23:54 UTC 2009


Toomas Aas wrote:

> 
> Do I understand the "NOTE WELL" section of FreeBSD-SA-09:15 correctly 
> that if I apply the patch then this functionality will no longer work?
> 

Testing confims that my understanding is correct. I applied the patch and 
authentication results in "ssl_error_handshake_failure_alert" returned by 
Firefox, whereas the server logs "Re-negotiation handshake failed: Not 
accepted by client!?". So I quickly reversed the patch.

I'm surprised more people aren't getting bitten by this.

--
Toomas Aas

... If you think nobody cares about you, try missing a couple of payments.


More information about the freebsd-questions mailing list