Description of problem: If SSLClientVerify for a <directory> is configured, such as: <Directory "/var/www/html/site"> SSLVerifyClient require SSLVerifyDepth 10 </Directory> And mod rewrite is configured for this site: (via .htaccess in before mentioned directory) RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !=/favicon.ico RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] Submitting a POST with variables defined do NOT show up on the script/php side. Disabling mod_rewrite or SSLVerifyClient for the path will cause POST variables to be defined. Version-Release number of selected component (if applicable): How reproducible: every time Steps to Reproduce: 1. setup an https server with a certificate bundle and turn on sslVerifyClient 2. install a client certificate in your browser 3. setup mod rewrite rules 4. load any page, and try to submit POST variables. phpinfo() will show no $_POST is defined. Actual results: no $_POST variables in php land with this configuration Expected results: need those $_POST variables Additional info:
Ah, this is a known bug in the mod_ssl per-dir-reneg code; I fixed it upstream a while back. Thanks for the report.
Fixed upstream by: http://svn.apache.org/viewvc?rev=591393&view=rev
Would it be possible to get this integrated into the next bug release of http/mod_ssl via RHN? For my short term needs, i think i am going to try to patch the source rpm with your changes and see what happens.
The fix is now scheduled for inclusion in RHEL 5.4. If you need a supported fix sooner please contact Red Hat Support.
Fix works great! i was able to recompile up the SRPM with the patch, and first round of testing looks great! Thanks for the pointer.
Good to hear - thanks for posting the feedback.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-1380.html