Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 07 Dec 2009 20:23:49 +0200
From:      Toomas Aas <toomas.aas@raad.tartu.ee>
To:        questions@freebsd.org
Subject:   Re: SA-09-15 vs Apache with client certificates
Message-ID:  <4B1D4835.6070502@raad.tartu.ee>
In-Reply-To: <4B17F284.3000602@raad.tartu.ee>
References:  <4B17F284.3000602@raad.tartu.ee>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Toomas Aas wrote:

> 
> Do I understand the "NOTE WELL" section of FreeBSD-SA-09:15 correctly 
> that if I apply the patch then this functionality will no longer work?
> 

Testing confims that my understanding is correct. I applied the patch and 
authentication results in "ssl_error_handshake_failure_alert" returned by 
Firefox, whereas the server logs "Re-negotiation handshake failed: Not 
accepted by client!?". So I quickly reversed the patch.

I'm surprised more people aren't getting bitten by this.

--
Toomas Aas

... If you think nobody cares about you, try missing a couple of payments.



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?4B1D4835.6070502>