Zaf’s Blog

Apache2 + SSL + Client Cerificate Authenticate + Directory level + Uploading Large Files = Problem.

Ok, so I’ll explain… We have a company portal, which is secured using SSL Client Side Certificate authentication. This works very well. The portal is primarily a Wiki (MediaWiki actually), allowing a CMS of sorts. I tried to upload a PDF to the wiki, and got a strange error. Thinking it was a MediaWiki problem, I spent quite awhile looking through various forums.

In the end I found an error message in the apache logs for the portal:
request body exceeds maximum size for SSL buffer

This lead to the following bug report statement:

This does not work on directory level with large files, because we currently do
not buffer the request body on disk but only 128k at max in memory. Moving
SSLVerifyClient require to virtual host level will make it work (see also
PR12355)

So in the end, the problem was because I was using

• Apache
• With SSL
• With Client-Side Certificate Authentication
• With Directory based SSL rules

And I tried to upload a file bigger than 128kWhat an obscure bug.

The fix was to simply move the Authentication from the Location directive to the Virtual Server directive

This entry was posted on Wednesday, May 30th, 2007 at 5:27 pm and is filed under post. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.