On Tue, Aug 19, 2014 at 2:53 PM, Lieven Govaerts <l...@mobsol.be> wrote: > However, when the client certificate is requested for a resource > deeper in the repository, it's likely that say during a large > checkout, many (pipelined) requests will already be sent by the client > before the request for the protected resource. This is the scenario > that'll lead to the problem.
I know we already do something similar in a number of other places - what if we can flag that we have sent the client cert, see an error with pipelining, and then retry the requests/connections without pipelining? It'd mean the performance would suffer for those with renegotiations - and if there is a real failure, it'd force us to fail twice - but, not require a config option. I also wonder if we retry the first request that triggered renegotiation and then turn back on pipelining... WDYT? -- justin
