Bug 488886
| Summary: | mod_rewrite+mod_ssl+SSLVerifyClient = no POST variables | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Karl Grindley <kgrindley> | |
| Component: | httpd | Assignee: | Joe Orton <jorton> | |
| Status: | CLOSED ERRATA | QA Contact: | BaseOS QE <qe-baseos-auto> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | low | |||
| Version: | 5.5 | CC: | ohudlick | |
| Target Milestone: | rc | |||
| Target Release: | --- | |||
| Hardware: | All | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 488939 (view as bug list) | Environment: | ||
| Last Closed: | 2009-09-02 11:50:39 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
Ah, this is a known bug in the mod_ssl per-dir-reneg code; I fixed it upstream a while back. Thanks for the report. Fixed upstream by: http://svn.apache.org/viewvc?rev=591393&view=rev Would it be possible to get this integrated into the next bug release of http/mod_ssl via RHN? For my short term needs, i think i am going to try to patch the source rpm with your changes and see what happens. The fix is now scheduled for inclusion in RHEL 5.4. If you need a supported fix sooner please contact Red Hat Support. Fix works great! i was able to recompile up the SRPM with the patch, and first round of testing looks great! Thanks for the pointer. Good to hear - thanks for posting the feedback. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-1380.html |
Description of problem: If SSLClientVerify for a <directory> is configured, such as: <Directory "/var/www/html/site"> SSLVerifyClient require SSLVerifyDepth 10 </Directory> And mod rewrite is configured for this site: (via .htaccess in before mentioned directory) RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !=/favicon.ico RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] Submitting a POST with variables defined do NOT show up on the script/php side. Disabling mod_rewrite or SSLVerifyClient for the path will cause POST variables to be defined. Version-Release number of selected component (if applicable): How reproducible: every time Steps to Reproduce: 1. setup an https server with a certificate bundle and turn on sslVerifyClient 2. install a client certificate in your browser 3. setup mod rewrite rules 4. load any page, and try to submit POST variables. phpinfo() will show no $_POST is defined. Actual results: no $_POST variables in php land with this configuration Expected results: need those $_POST variables Additional info: