I have a problem with Apache 2.2.0 + mod_ssl and mod_dav.

If I try to upload a file over a Client-Certificate secured connection to a Webdav-folder on the Apache-Server, I get an unspecified error on the Webdav-client (MS Explorer) and a “request body exceeds maximum size for SSL buffer”-error on the Apache-side.

If I take off the Client-Certificate-Authentication everything works fine.

I think that is a bug in the mod_ssl module.

Thanks
Gregory

----------------
Logfile:

Error.log

[Thu Mar 30 13:25:26 2006] [error] [client 217.228.63.33] request body exceeds maximum size for SSL buffer
[Thu Mar 30 13:25:26 2006] [error] [client 217.228.63.33] could not buffer message body to allow SSL renegotiation to proceed

access.log

217.228.63.33 - - [30/Mar/2006:13:25:15 +0200] "PROPFIND /freunde/upload/test HTTP/1.1" 207 853 "-" "Microsoft Data Access Internet Publishing Provider DAV"
217.228.63.33 - - [30/Mar/2006:13:25:15 +0200] "PROPFIND /freunde/upload/test HTTP/1.1" 207 963 "-" "Microsoft Data Access Internet Publishing Provider DAV"
217.228.63.33 - - [30/Mar/2006:13:25:20 +0200] "HEAD /freunde/upload/test/test.jpg HTTP/1.1" 404 - "-" "Microsoft Data Access Internet Publishing Provider DAV"
217.228.63.33 - - [30/Mar/2006:13:25:20 +0200] "PUT /freunde/upload/test/test.jpg HTTP/1.1" 413 1090 "-" "Microsoft Data Access Internet Publishing Provider DAV"

----------------
Configuration:

http.conf:

…
<VirtualHost 80.xx.xx.xx:443>
    ServerName www.xxxxxxx.de
    DocumentRoot /home/xxxxxxx.de/httpsdocs
    CustomLog /home/xxxxxxx.de/statistics/logs/access_ssl.log
    CustomLog /home/xxxxxxx.de/statistics/logs/request_ssl.log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    ErrorLog /home/xxxxxxx.de/statistics/logs/error_ssl.log
    SSLEngine on
    SSLOptions +StrictRequire
    . . .
    DavLockDB /home/xxxxxx.de/conf/webdav/lockdb
    Alias /freunde/upload /home/xxxxxx.de/webdav/freunde
    <Directory /home/xxxxxx.de/webdav/freunde>
        SSLVerifyClient require
        SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)/ and %{SSL_CLIENT_S_DN_O} eq "Xxxxxx" && %{SSL_CLIENT_S_DN_CN} in {"Gregor Meinusch"} )
        Dav On
        <LimitExcept GET HEAD OPTIONS>
        </LimitExcept>
        Options +SymLinksIfOwnerMatch -Includes -ExecCGI
    </Directory>
    . . .
</virtualhost>

Ssl-global.conf

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
#SSLSessionCache nonenotnull
#SSLSessionCache dbm:/var/lib/apache2/ssl_cache
#SSLSessionCache shmht:/var/lib/apache2/ssl_scache(512000)
#SSLSessionCache shm:/var/lib/apache2/ssl_cache(512000)
SSLSessionCache shmcb:/var/lib/apache2/ssl_scache
SSLSessionCacheTimeout 600
SSLMutex file:/var/lib/apache2/ssl_mutex
SSLMutex sem
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLProtocol all -SSLv2
SSLCertificateFile /home/xxxxxx.de/conf/certificates/www.xxx.de.cert
SSLCertificateKeyFile /home/xxxxxx.de/conf/certificates/www.xxx.de.key
SSLCACertificateFile /home/xxxxxx.de/conf/certificates/cacerts.pem
SSLVerifyDepth 2
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

This does not work on directory level with large files, because we currently do not buffer the request body on disk but only 128k at max in memory. Moving SSLVerifyClient require to virtual host level will make it work (see also PR12355).

*** This bug has been marked as a duplicate of 12355 ***

Thank you! Now it works perfectly!
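
The reply above traces the 413 to SSLVerifyClient being set at directory level, where the renegotiation has to buffer the request body. As an added example (not part of the original thread and not Apache code), this Python check flags per-directory SSLVerifyClient settings that differ from the virtual host level; the function name and both sample configurations are constructed for illustration.

```python
import re

# Constructed sample modelled on the report; address and path are placeholders.
BROKEN = """\
<VirtualHost 192.0.2.10:443>
    <Directory /srv/example/webdav>
        SSLVerifyClient require
        Dav On
    </Directory>
</VirtualHost>
"""
# Same vhost with the check moved to virtual host level, as the reply advises.
FIXED = """\
<VirtualHost 192.0.2.10:443>
    SSLVerifyClient require
    <Directory /srv/example/webdav>
        Dav On
    </Directory>
</VirtualHost>
"""

SECTION = re.compile(r"<\s*(/?)\s*(\w+)\s*([^>]*)>")
PER_DIR = {"directory", "directorymatch", "location", "locationmatch",
           "files", "filesmatch"}

def renegotiation_risks(conf):
    """Return (line_no, section_args) for each per-directory SSLVerifyClient
    whose value differs from the one set at virtual host (or global) level."""
    stack, handshake, candidates = [], {}, []
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            if not m.group(1):          # opening tag: remember name and args
                stack.append((m.group(2).lower(), m.group(3).strip()))
            elif stack:                 # closing tag: leave innermost section
                stack.pop()
            continue
        words = line.split()
        if len(words) < 2 or words[0].lower() != "sslverifyclient":
            continue
        vhost = next((a for n, a in stack if n == "virtualhost"), None)
        scope = next((a for n, a in reversed(stack) if n in PER_DIR), None)
        if scope is None:
            handshake[vhost] = words[1].lower()   # applies at connection setup
        else:
            candidates.append((no, scope, vhost, words[1].lower()))
    return [(no, scope) for no, scope, vhost, value in candidates
            if value != "none"
            and handshake.get(vhost, handshake.get(None, "none")) != value]
```
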