488939 – mod_rewrite+mod_ssl+SSLVerifyClient = no POST variables

Bug 488939 - mod_rewrite+mod_ssl+SSLVerifyClient = no POST variables

Summary: mod_rewrite+mod_ssl+SSLVerifyClient = no POST variables

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	httpd
Sub Component:
Version:	4.8
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Joe Orton
QA Contact:	BaseOS QE
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-03-06 10:51 UTC by Joe Orton
Modified:	2011-02-16 13:58 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: Consequence: Fix: Result:
Clone Of:	488886
Environment:
Last Closed:	2011-02-16 13:58:02 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2011:0237	0	normal	SHIPPED_LIVE	httpd bug fix and enhancement update	2011-02-15 16:35:07 UTC

Description Joe Orton 2009-03-06 10:51:05 UTC

+++ This bug was initially created as a clone of Bug #488886 +++

Description of problem:
If SSLClientVerify for a <directory> is configured, such as:
<Directory "/var/www/html/site">
  SSLVerifyClient require
  SSLVerifyDepth  10
</Directory>

And mod rewrite is configured for this site: (via .htaccess in before mentioned
directory)

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

Submitting a POST with variables defined do NOT show up on the script/php side.
 Disabling mod_rewrite or SSLVerifyClient for the path will cause POST
variables to be defined.

Version-Release number of selected component (if applicable):


How reproducible:
every time

Steps to Reproduce:
1. setup an https server with a certificate bundle and turn on sslVerifyClient
2. install a client certificate in your browser
3. setup mod rewrite rules
4. load any page, and try to submit POST variables.  phpinfo() will show no $_POST is defined.
  
Actual results:
no $_POST variables in php land with this configuration

Expected results:
need those $_POST variables

Additional info:

--- Additional comment from jorton on 2009-03-06 05:39:07 EDT ---

Ah, this is a known bug in the mod_ssl per-dir-reneg code; I fixed it upstream a while back.  Thanks for the report.

--- Additional comment from jorton on 2009-03-06 05:40:39 EDT ---

Fixed upstream by: http://svn.apache.org/viewvc?rev=591393&view=rev

Comment 5 Florian Nadge 2011-01-13 13:20:06 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause:

Consequence:

Fix:

Result:

Comment 6 Florian Nadge 2011-01-13 13:20:40 UTC

Please be so kind and add a few key words to the technical note of this
bugzilla entry using the following structure:

Cause:

Consequence:

Fix:

Result:

Thanks

Comment 7 errata-xmlrpc 2011-02-16 13:58:02 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0237.html

Note You need to log in before you can comment on or make changes to this bug.