Mailing List Archive: Apache: Bugs

[Bug 47427] browser doesn't get Error 403 if user's auth failed

Index | Next | Previous | View Threaded

bugzilla at apache

Jun 25, 2009, 8:28 AM

Post #1 of 7 (717 views)
Permalink

[Bug 47427] browser doesn't get Error 403 if user's auth failed

https://issues.apache.org/bugzilla/show_bug.cgi?id=47427

Mike <mike.pechkin [at] gmail> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |mike.pechkin [at] gmail

--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe [at] httpd
For additional commands, e-mail: bugs-help [at] httpd

bugzilla at apache

Jun 25, 2009, 8:38 AM

Post #2 of 7 (677 views)
Permalink

[Bug 47427] browser doesn't get Error 403 if user's auth failed [In reply to]

https://issues.apache.org/bugzilla/show_bug.cgi?id=47427

--- Comment #1 from Mike <mike.pechkin [at] gmail> 2009-06-25 08:38:32 PST ---
1. you see error 403 in the log
2. browser doesn't get 403 error and ErrorDocument 403 ... doesn't work at all!

--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe [at] httpd
For additional commands, e-mail: bugs-help [at] httpd

bugzilla at apache

Jun 25, 2009, 8:46 AM

Post #3 of 7 (686 views)
Permalink

[Bug 47427] browser doesn't get Error 403 if user's auth failed [In reply to]

https://issues.apache.org/bugzilla/show_bug.cgi?id=47427

--- Comment #2 from Mike <mike.pechkin [at] gmail> 2009-06-25 08:46:14 PST ---
1. setup apache, try openssl s_client

# openssl s_client -host 10.0.0.86 -port 8443
CONNECTED(00000003)
depth=1 /C=LV/ST=Riga/L=Riga/O=Parks AS CA/OU=IT/CN=Parks AS
CA/emailAddress=kuku [at] parks
verify error:num=19:self signed certificate in certificate chain
verify return:0
12358:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake
failure:s3_pkt.c:1053:SSL alert number 40
12358:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:188:

you will see the same error in Opera too.

2. if you use s_client under nginx, you would see prompt which fails later
because you didn't provide required key files.

--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe [at] httpd
For additional commands, e-mail: bugs-help [at] httpd

bugzilla at apache

Jun 25, 2009, 10:24 AM

Post #4 of 7 (681 views)
Permalink

[Bug 47427] browser doesn't get Error 403 if user's auth failed [In reply to]

https://issues.apache.org/bugzilla/show_bug.cgi?id=47427

--- Comment #3 from Ruediger Pluem <rpluem [at] apache> 2009-06-25 10:24:36 PST ---
IMHO this is not a bug but a feature. httpd immediately cancels the SSL
connection if not provided with a client cert. If you don't like that please
try the following configuration:

<VirtualHost 10.0.0.86:8443>
ServerAdmin kuku [at] parks
ServerName mihailp1.parks.lv
DocumentRoot "/mihailp1/www-secure"

SSLEngine on
SSLCertificateKeyFile "/root/mihailp1-ca/mihailp1.key"
SSLCertificateFile "/root/mihailp1-ca/mihailp1.crt"
SSLCACertificateFile "/root/mihailp1-ca/mihailp1-ca.crt"

<Directory /mihailp1/www-secure
SSLVerifyClient require
SSLVerifyDepth 3
SSLOptions +OptRenegotiate
</Directory>

ErrorLog "logs/secure-error_log"
CustomLog "logs/secure-access_log" common
</VirtualHost>

--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe [at] httpd
For additional commands, e-mail: bugs-help [at] httpd

bugzilla at apache

Jun 25, 2009, 11:40 AM

Post #5 of 7 (679 views)
Permalink

[Bug 47427] browser doesn't get Error 403 if user's auth failed [In reply to]

https://issues.apache.org/bugzilla/show_bug.cgi?id=47427

--- Comment #4 from Mike <mike.pechkin [at] gmail> 2009-06-25 11:40:59 PST ---
Yes, using <Directory> tag helps much, but I *want* use beatiful error page
here, this is public site.

--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe [at] httpd
For additional commands, e-mail: bugs-help [at] httpd

bugzilla at apache

Jun 25, 2009, 11:52 AM

Post #6 of 7 (680 views)
Permalink

[Bug 47427] browser doesn't get Error 403 if user's auth failed [In reply to]

https://issues.apache.org/bugzilla/show_bug.cgi?id=47427

--- Comment #5 from Ruediger Pluem <rpluem [at] apache> 2009-06-25 11:52:17 PST ---
What about

<VirtualHost 10.0.0.86:8443>
ServerAdmin kuku [at] parks
ServerName mihailp1.parks.lv
DocumentRoot "/mihailp1/www-secure"

SSLEngine on
SSLCertificateKeyFile "/root/mihailp1-ca/mihailp1.key"
SSLCertificateFile "/root/mihailp1-ca/mihailp1.crt"
SSLCACertificateFile "/root/mihailp1-ca/mihailp1-ca.crt"

<Directory /mihailp1/www-secure
SSLVerifyClient optional
SSLVerifyDepth 3
SSLOptions +OptRenegotiate
SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
</Directory>

ErrorLog "logs/secure-error_log"
CustomLog "logs/secure-access_log" common
</VirtualHost>

and an error page located in an directory outside the document root mapped in
with an alias?

--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe [at] httpd
For additional commands, e-mail: bugs-help [at] httpd

bugzilla at apache

Jun 26, 2009, 2:29 AM

Post #7 of 7 (669 views)
Permalink

[Bug 47427] browser doesn't get Error 403 if user's auth failed [In reply to]

https://issues.apache.org/bugzilla/show_bug.cgi?id=47427

Mike <mike.pechkin [at] gmail> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID

--- Comment #6 from Mike <mike.pechkin [at] gmail> 2009-06-26 02:29:53 PST ---
Thank you for your workaround, it nice.
But at the same time I always see "Select certificate" window in FF.
See bug 47055, even with patch the window popups.
I will do more research, because I *need* error 403 handler *and* silent FF.

--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe [at] httpd
For additional commands, e-mail: bugs-help [at] httpd

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads