Just configure a virtual host on port 443 and set SSLVerifyClient to require or optional.
<Location />
    SSLRequireSSL
    SSLOptions +StdEnvVars +ExportCertData +StrictRequire
    SSLVerifyClient optional
    SSLVerifyDepth 2
</Location>
When you send a large request, for example a SOAP message which contains a file (bad practice, use MTOM), you could get the following error:
[2017-12-07 16:59:42,313] (LogUtils.java:478) WARN main org.apache.cxf.phase.PhaseInterceptorChain Interceptor for {http:/xxxxxxxxxxxxxxxx}yyyyyyyyy#{http:/xxxxxxxxxxxxxxxx}generarCSV has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Could not send Message.
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:64)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:518)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:427)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:328)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:281)
    at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
    at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
    at com.sun.proxy.$Proxy22.generarCSV(Unknown Source)
    at es.sisifo.cxf.client.SinaturaServiceClient.run(SinaturaServiceClient.java:81)
    at es.sisifo.cxf.client.SinaturaServiceClient.main(SinaturaServiceClient.java:93)
Caused by: org.apache.cxf.transport.http.HTTPException: HTTP response '413: Request Entity Too Large' when communicating with https://my-service-endpoint
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.doProcessResponseCode(HTTPConduit.java:1609)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1616)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1560)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1361)
    at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
    at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:658)
    at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
    ... 10 more
The solution is to use the SSLRenegBufferSize directive:
If an SSL renegotiation is required in per-location context, for example, any use of SSLVerifyClient in a Directory or Location block, then mod_ssl must buffer any HTTP request body into memory until the new SSL handshake can be performed. This directive can be used to set the amount of memory that will be used for this buffer.
This buffer has to hold the whole request, i.e., if you are sending a 200KB file, then the value should be set to around 250000 (you have to leave some room for the rest of the request).
<Location />
    SSLRequireSSL
    SSLOptions +StdEnvVars +ExportCertData +StrictRequire
    SSLVerifyClient optional
    SSLVerifyDepth 2
    SSLRenegBufferSize 250000
</Location>
Elsewhere you can also find that the problem could be solved with two other directives, LimitXMLRequestBody and LimitRequestBody, but I was not able to reproduce my problem by using them.
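A way to check a configuration for the condition described above, as an added example that is not part of the original post: the Python function below flags every per-location block that enables SSLVerifyClient while its renegotiation buffer is smaller than the largest request body you expect. The function name, the sample paths (/ws, /ws-fixed, /public) and the sample configuration are constructed for illustration; 131072 bytes is the mod_ssl default for SSLRenegBufferSize.

```python
import re

DEFAULT_RENEG_BUFFER = 131072  # mod_ssl default for SSLRenegBufferSize (bytes)
PER_DIR = {"location", "locationmatch", "directory", "directorymatch"}
TAG = re.compile(r"<(/?)(\w+)\s*(.*?)>$")

def audit_reneg_buffer(config_text, max_body_bytes):
    """Flag per-location SSLVerifyClient blocks whose renegotiation buffer
    is smaller than the largest request body the service must accept.
    Simplification: only directives inside the same block are considered;
    merging from enclosing sections is not modelled."""
    findings, stack = [], []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag = TAG.match(line)
        if tag and tag.group(2).lower() in PER_DIR:
            if not tag.group(1):  # opening tag: start tracking this block
                stack.append({"name": f"{tag.group(2)} {tag.group(3)}".strip(),
                              "line": lineno, "verify": "none", "buffer": None})
            elif stack:  # closing tag: evaluate the block just finished
                blk = stack.pop()
                size = DEFAULT_RENEG_BUFFER if blk["buffer"] is None else blk["buffer"]
                if blk["verify"] != "none" and size < max_body_bytes:
                    findings.append((blk["name"], blk["line"], size))
            continue
        parts = line.split()
        if stack and len(parts) > 1:
            if parts[0].lower() == "sslverifyclient":
                stack[-1]["verify"] = parts[1].lower()
            elif parts[0].lower() == "sslrenegbuffersize":
                stack[-1]["buffer"] = int(parts[1])
    return findings

# Constructed sample: the post's two Location blocks under hypothetical paths.
SAMPLE = """\
<VirtualHost *:443>
  <Location /ws>
    SSLVerifyClient optional
    SSLVerifyDepth 2
  </Location>
  <Location /ws-fixed>
    SSLVerifyClient optional
    SSLRenegBufferSize 250000
  </Location>
  <Location /public>
    SSLVerifyClient none
  </Location>
</VirtualHost>
"""

if __name__ == "__main__":
    for name, line, size in audit_reneg_buffer(SAMPLE, 200 * 1024):
        print(f"line {line}: <{name}> buffers only {size} bytes")
```

Each finding is a tuple of block name, line number and effective buffer size in bytes.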