From: Toomas Aas
Date: Mon, 07 Dec 2009 20:23:49 +0200
To: questions@freebsd.org
Subject: Re: SA-09-15 vs Apache with client certificates
Message-ID: <4B1D4835.6070502@raad.tartu.ee>
In-Reply-To: <4B17F284.3000602@raad.tartu.ee>

Toomas Aas wrote:
>
> Do I understand the "NOTE WELL" section of FreeBSD-SA-09:15 correctly
> that if I apply the patch then this functionality will no longer work?
>

Testing confirms that my understanding is correct. I applied the patch
and authentication results in "ssl_error_handshake_failure_alert"
returned by Firefox, whereas the server logs "Re-negotiation handshake
failed: Not accepted by client!?". So I quickly reversed the patch.

I'm surprised more people aren't getting bitten by this.

--
Toomas Aas

... If you think nobody cares about you, try missing a couple of payments.