LimitRequestBody 0

This sounds a lot like
https://issues.apache.org/bugzilla/s...g.cgi?id=42625
https://issues.apache.org/bugzilla/s...g.cgi?id=12355

But I think it is different. I'm using certificates for authentication
to all of my pages:

<Location "/">
# applied to _all_ URLs
SSLRequireSSL

SSLVerifyClient require
SSLVerifyDepth 5
SSLCACertificateFile /root/openssl/doberman-ca.crt
SSLOptions +FakeBasicAuth
SSLRequire %{SSL_CLIENT_S_DN_O} eq "mcprogramming.com" and \
%{SSL_CLIENT_S_DN_OU} in {"doberman", "localhost"}
</Location>

When I try to upload an image to my wiki (MoinMoin, 1.70rc2) I get
a 413:
Request Entity Too Large
The requested resource
/m17test/MyStartingPage
does not allow request data with POST requests, or the amount of data
provided in the request exceeds the capacity limit.
Apache/2.2.8 (Debian) mod_ssl/2.2.8 OpenSSL/0.9.8g mod_wsgi/2.0
Python/2.5.2 Server at localhost Port 443

I can add
LimitRequestBody 2147483647
to conf and things work splendidly, but if I use
LimitRequestBody 0
(which should allow unlimited upload sizes), I'm back to the error
messages above.

Any thoughts? All the version info is in the error message, this is on
a debian testing system.

TIA
--
Keith Hellman #include <disclaimer.h>
khellman@mcprogramming.com from disclaimer import standard
khellman@mines.edu
-*-
public key @ pgp.mit.edu 9FCF40FD
Y!M: mcprogramming AIM/ICQ: 485403897
gtalk: jabber@mcprogramming.com
-*-

"The First Python function ever written (takes place in the Garden of Eden)"

Guido sayeth "I will write def foo():"
"Hmm, I could use an import, or two",
Satan said, in a whirl, "Why not write it in Perl?",
and the second function ever written - def foo_you():

-- Python Limmerick Contest submission by cappy2112
http://groups-beta.google.com/group/...780beaff2e88a/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFISBiceAsFcZ/PQP0RAoXDAKCppHaksWfZ960Qpe0JPXxadjIbrgCfbsWD
uNGEMYg63ivMGcu5APQe0DQ=
=YZSv
-----END PGP SIGNATURE-----

Oh yeah, I forgot to mention: everything works AOK if I try using http
instead (hence, I'm posting on the modssl list).
--
Keith Hellman #include <disclaimer.h>
khellman@mcprogramming.com from disclaimer import standard
khellman@mines.edu
-*-
public key @ pgp.mit.edu 9FCF40FD
Y!M: mcprogramming AIM/ICQ: 485403897
gtalk: jabber@mcprogramming.com
-*-

"We will perhaps eventually be writing only small modules which are identified
by name as they are used to build larger ones, so that devices like
indentation, rather than delimiters, might become feasible for expressing local
structure in the source language."

-- Donald E. Knuth, "Structured Programming with goto Statements", Computing
Surveys, Vol 6 No 4, Dec. 1974

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFISBzweAsFcZ/PQP0RAjPnAJ96frSoUxSBD+75UTJGXEmzXhjB/wCgsfnS
X/gWaif8SgCIRCZxuFGXZsw=
=/1N6
-----END PGP SIGNATURE-----

On Thu, Jun 05, 2008 at 10:47:25AM -0600, Keith Hellman wrote:
> This sounds a lot like
> https://issues.apache.org/bugzilla/s...g.cgi?id=42625
> https://issues.apache.org/bugzilla/s...g.cgi?id=12355
>
> But I think it is different. I'm using certificates for authentication
> to all of my pages:
>
> <Location "/">
> # applied to _all_ URLs
> SSLRequireSSL
>
> SSLVerifyClient require

You should put all this inside the VirtualHost config for the SSL
vhost(s) in question. That way you avoid having to do a per-location
renegotiation and the request body buffering which is necessary in that
case.

joe
__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org