So, I just did an apt-get distupgrade (currently running Testing)
today, and
suddenly apache-ssl won't properly authenticate users. Using the same
directives from apache-ssl's httpd.conf and the same password file,
apache has no trouble validating users. Also, apache-ssl seems to
work fine
when I'm not trying to protect anything with a login.

Looking at the error.log file I get entries like the following:
[error] [client] user not found: /foo

Notice the two spaces after "user". It looks to me like it's not
getting the
user name. Can anyone shed any light on this?

I've tried many variations of removing and reinstalling and
reconfiguring apache-ssl and openssl, to no avail. Current versions
OpenSSL 0.9.7d 17
Apache/1.3.29 Ben-SSL/1.53 (Debian GNU/Linux)

Help would be muchly appreciated.