Bug 55594

Summary: Kernel 2.4.9-6: SSL environment variables not accessible
Product: [Retired] Red Hat Linux
Reporter: Need Real Name <support>
Component: kernel
Assignee: Arjan van de Ven <arjanv>
Status: CLOSED DUPLICATE
QA Contact: Brock Organ <borgan>
Severity: medium
Priority: medium
Version: 7.1
CC: nalin
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2001-11-02 17:17:41 UTC

Description Need Real Name 2001-11-02 17:12:33 UTC
Description of Problem:

I have Apache compiled with mod_ssl and can not read the SSL environment 
variables in a https://www.xxx.xxx environment.  This means that I can not 
read information about different types of browser certificates required to 
access certain sites.

On a Redhat 6.2 system with a 2.2.x kernel, I could execute the following 
code in a cgi script:

if (( $ENV{SSL_CLIENT_S_DN} !~ /O=Apache Certificate Access Control/)
        && ( $ENV{SSL_CLIENT_S_DN} !~ /O=OTR Communications/)
        && ( $ENV{SSL_CLIENT_S_DN} !~ /O=OTR Comm/)
        && ( $ENV{SSL_CLIENT_S_DN} !~ /O=Wild Apache/)
        && ( $ENV{SSL_CLIENT_S_DN} !~ /O=Wild Apache\, Inc./)
        && ( $ENV{SSL_CLIENT_S_DN} !~ /O=Wild Apache Internet/)
        && ( $ENV{SSL_CLIENT_S_DN} !~ /O=Wild Apache Internet Service/)) {

and look at the Organization/Company of the certificate presented to the 
site.  Then I could make decisions on where to send a given user based on 
the SSL environment variable SSL_CLIENT_S_DN.  Under Redhat 7.1 with a 
2.4.x kernel, the SSL environment variables are not available.  This is 
serious!!

Version-Release number of selected component (if applicable):


How Reproducible:
Out of the box Redhat 7.1 with latest rpm updates and kernel 2.4.9-6

Steps to Reproduce:
1. Recompile Apache with mod_ssl and set up secure server site

2. Try to read SSL environment variables with a script called Env.cgi:

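#!/usr/bin/perl
# Env.cgi: dump the CGI environment so the SSL_* variables can be checked.
use strict;
use warnings;

# HTTP header, a blank line, then the start of the HTML page.
print <<EOF;
Content-type: text/html

<HTML><HEAD>
<TITLE>Environment, port 443, with certificate based access control</TITLE>
</HEAD>

<BODY>
<H1>Environment, port 443, with certificate based access control</H1>

<P>
<HR>
<PRE>
========================================
EOF

# One NAME=value line per environment variable.
foreach my $var ( keys %ENV ) {
  # Escape HTML metacharacters: several values are supplied by the client.
  ( my $val = $ENV{$var} ) =~ s/([&<>])/'&#' . ord($1) . ';'/ge;
  print "$var=$val\n" ;

}
print <<EOF;
========================================
</PRE>
<HR>
</BODY>
</HTML>
EOF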


3. Go to this script at https://www.xxx.xxx/Env.cgi

Actual Results:

Environment, port 443, with certificate based access control


--------------------------------------------------------------------------------

========================================
QUERY_STRING=
SERVER_ADDR=209.145.208.15
HTTP_ACCEPT_LANGUAGE=en-us, en-us
SERVER_PROTOCOL=HTTP/1.1
HTTP_CONNECTION=Keep-Alive
SERVER_SIGNATURE=
REMOTE_PORT=63937
HTTP_ACCEPT=application/vnd.ms-excel, image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/msword, */*
HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; WAN00)
GATEWAY_INTERFACE=CGI/1.1
HTTP_HOST=www.wildapache.com
SERVER_SOFTWARE=Apache/1.3.20 (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6a mod_perl/1.25
SERVER_ADMIN=sysadmin
REMOTE_USER=otrcomm
REMOTE_ADDR=209.145.208.2
SCRIPT_NAME=/userlist/Env.cgi
SERVER_NAME=www.wildapache.com
HTTP_ACCEPT_ENCODING=gzip, deflate, gzip, deflate
HTTPS=on
DOCUMENT_ROOT=/usr/local/apache/share/htdocs/wildapache.com
REQUEST_URI=/userlist/Env.cgi
REQUEST_METHOD=GET
SCRIPT_FILENAME=/usr/local/apache/share/htdocs/wildapache.com/userlist/Env.cgi
PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/bin:/bin:/usr/local/bin:/usr/X11R6/bin:/root/bin
AUTH_TYPE=Basic
SERVER_PORT=443
========================================


Expected Results:

Should show all my SSL environment variables and their values, but none 
show up.

Additional Information:

Comment 1 Bill Nottingham 2001-11-02 19:12:41 UTC

*** This bug has been marked as a duplicate of 55593 ***
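
An added example, not part of the original report or of mod_ssl: the organization check from the description's CGI fragment, written as an exact match on the parsed O attribute, which denies when SSL_CLIENT_S_DN is unset (the situation reported here) or carries more than one O value. It assumes the slash-separated DN form; parse_dn, org_allowed and the sample DNs are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Allowlist: the organizations named in the description's fragment.
my %ALLOWED_ORG = map { $_ => 1 } (
    'Apache Certificate Access Control',
    'OTR Communications',
    'OTR Comm',
    'Wild Apache',
    'Wild Apache, Inc.',
    'Wild Apache Internet',
    'Wild Apache Internet Service',
);

# Split "/C=US/O=Example/CN=alice" into { ATTR => [values] }.
# Assumption: the DN is in this slash-separated one-line form.
sub parse_dn {
    my ($dn) = @_;
    my %attr;
    return \%attr unless defined $dn && $dn =~ m{^/};
    # Split only on a "/" that starts a new "name=" pair.
    for my $rdn ( split m{/(?=[A-Za-z][A-Za-z0-9.]*=)}, substr( $dn, 1 ) ) {
        my ( $k, $v ) = split /=/, $rdn, 2;
        push @{ $attr{ uc $k } }, $v if defined $v;
    }
    return \%attr;
}

# Allow only when exactly one O value is present and it is on the allowlist.
sub org_allowed {
    my ($dn) = @_;
    my $orgs = parse_dn($dn)->{O} || [];
    return 0 unless @$orgs == 1;    # unset variable or ambiguous DN: deny
    return $ALLOWED_ORG{ $orgs->[0] } ? 1 : 0;
}

# Constructed sample DNs; in a CGI script pass $ENV{SSL_CLIENT_S_DN} instead.
my @samples = (
    '/C=US/O=Wild Apache, Inc./CN=alice',          # listed organization
    '/C=US/O=Wild Apache Lookalike Ltd/CN=carol',  # only shares a prefix
    '/C=US/O=Other/OU=O=OTR Comm/CN=bob',          # "O=" text inside an OU
    undef,                                         # variable not exported
);
for my $dn (@samples) {
    printf "%-45s => %s\n", defined $dn ? $dn : '(unset)',
        org_allowed($dn) ? 'allow' : 'deny';
}
```

Only the first sample is allowed. The second and third would satisfy the unanchored /O=Wild Apache/ and /O=OTR Comm/ patterns in the fragment, so a substring match treats them as listed organizations.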