Bug 73876

Summary: mod_ssl with SSL certificate and fakebasicauth Directory Indexing fails
Product: [Retired] Red Hat Linux Reporter: Patrick Paul <patpaul>
Component: mod_sslAssignee: Joe Orton <jorton>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3   
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
URL: http://groups.google.com
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-01-25 16:34:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Patrick Paul 2002-09-12 19:47:18 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826

Description of problem:
When trying to get a DirectoryIndex when using mod_ssl with SSL certificates, it
fails.  

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.A .htaccess file like so:Options +Indexes
AuthType Basic
AuthName "blah"
AuthUserFile /blah/blah/.htpasswd
Require valid-user
SSLRequireSSL
2.httpd.conf contains:SSLOptions +FakeBasicAuth
SSLVerifyClient require
3. .htpasswd file contains the subject from the SSL certificate and the
encrypted password 'password'
	

Actual Results:  When configured as above, I am able to access pages correctly,
but only if I type in the exact page name.  So I can't do
https://blah.mit.edu/directory and get an Index listing, but if I do
https://blah.mit.edu/directory/picture_name.jpg it works.  

Expected Results:  I should get a Directory listing.

Additional info:

This is a recognized bug that was fixed in mod_ssl 2.8.9.  I would normally just
upgrade the apache and mod_ssl myself, but we've moved to using the RedHat
Network, and am unwilling to upgrade any packages that will put our systems out
of sync.
The URL listed above is a google groups communication confirming the bug exists
and was fixed in 2.8.9, also the RELEASE-NOTES from the latest package list it
as a fixed bug.

The URL is too long for the Oracle, as it breaks.  The URL is
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=e56bf71b.0206130144.423d95e%40posting.google.com&rnum=7&prev=/groups%3Fq%3Ddirectory%2Bindex%2Bmod_ssl%2Bvalid-user%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3De56bf71b.0206130144.423d95e%2540posting.google.com%26rnum%3D7

Comment 1 Joe Orton 2005-01-25 16:34:15 UTC
Thanks for the report.  This is a mass bug update; since this release
of Red Hat Linux is no longer supported, please either:

a) try and reproduce the bug with a supported version of Red Hat
Enterprise Linux or Fedora Core, and re-open this bug as appropriate
after changing the Product field, or,

b) if relevant, try and reproduce this bug using the current version
of the upstream package, and report the bug upstream.