Description of Problem:

I have Apache compiled with mod_ssl and can not read the SSL environment variables in a https://www.xxx.xxx environment. This means that I can not read information about different types of browser certificates required to access certain sites. On a Redhat 6.2 system with a 2.2.x kernel, I could execute the following code in a cgi script:

    if (( $ENV{SSL_CLIENT_S_DN} !~ /O=Apache Certificate Access Control/) &&
        ( $ENV{SSL_CLIENT_S_DN} !~ /O=OTR Communications/) &&
        ( $ENV{SSL_CLIENT_S_DN} !~ /O=OTR Comm/) &&
        ( $ENV{SSL_CLIENT_S_DN} !~ /O=Wild Apache/) &&
        ( $ENV{SSL_CLIENT_S_DN} !~ /O=Wild Apache\, Inc./) &&
        ( $ENV{SSL_CLIENT_S_DN} !~ /O=Wild Apache Internet/) &&
        ( $ENV{SSL_CLIENT_S_DN} !~ /O=Wild Apache Internet Service/)) {

and look at the Organization/Company of the certificate presented to the site. Then I could make decisions on where to send a given user based on the SSL environment variable SSL_CLIENT_S_DN. Under Redhat 7.1 with a 2.4.x kernel, the SSL environment variables are not available. This is serious!!

Version-Release number of selected component (if applicable):

How Reproducible:

Out of the box Redhat 7.1 with latest rpm updates and kernel 2.4.9-6

Steps to Reproduce:

1. Recompile Apache with mod_ssl and setup secure server site

2. Try to read SSL environment variables with a script called Env.cgi:

    #!/usr/bin/perl
    print <<EOF;
    Content-type: text/html

    <HTML><HEAD>
    <TITLE>Environment, port 443, with certificate based access control</TITLE>
    </HEAD>
    <BODY>
    <H1>Environment, port 443, with certificate based access control</H1>
    <P>
    <HR>
    <PRE>
    ========================================
    EOF
    foreach $var ( keys %ENV ) {
        print "$var=$ENV{$var}\n" ;
    }
    print <<EOF;
    ========================================
    </PRE>
    <HR>
    </BODY>
    </HTML>
    EOF

3. Go to this script at https://www.xxx.xxx/Env.cgi

Actual Results:

    Environment, port 443, with certificate based access control
    --------------------------------------------------------------------------------
    ========================================
    QUERY_STRING=
    SERVER_ADDR=209.145.208.15
    HTTP_ACCEPT_LANGUAGE=en-us, en-us
    SERVER_PROTOCOL=HTTP/1.1
    HTTP_CONNECTION=Keep-Alive
    SERVER_SIGNATURE=
    REMOTE_PORT=63937
    HTTP_ACCEPT=application/vnd.ms-excel, image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/msword, */*
    HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; WAN00)
    GATEWAY_INTERFACE=CGI/1.1
    HTTP_HOST=www.wildapache.com
    SERVER_SOFTWARE=Apache/1.3.20 (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6a mod_perl/1.25
    SERVER_ADMIN=sysadmin
    REMOTE_USER=otrcomm
    REMOTE_ADDR=209.145.208.2
    SCRIPT_NAME=/userlist/Env.cgi
    SERVER_NAME=www.wildapache.com
    HTTP_ACCEPT_ENCODING=gzip, deflate, gzip, deflate
    HTTPS=on
    DOCUMENT_ROOT=/usr/local/apache/share/htdocs/wildapache.com
    REQUEST_URI=/userlist/Env.cgi
    REQUEST_METHOD=GET
    SCRIPT_FILENAME=/usr/local/apache/share/htdocs/wildapache.com/userlist/Env.cgi
    PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/bin:/bin:/usr/local/bin:/usr/X11R6/bin:/root/bin
    AUTH_TYPE=Basic
    SERVER_PORT=443
    ========================================

Expected Results:

Should show all my SSL environment variables and their values, but none show up.

Additional Information:
*** Bug 55594 has been marked as a duplicate of this bug. ***
Question: If 55594 has been closed because it is a duplicate to 55593 (the current bug), will 55594 remain active until a resolution is defined?
Does anyone have any ideas about this issue or is it just sitting in someone's queue? We have to be able to access the SSL environment variables. Please look into this and let me know if there is a fix for it.
Is anyone working on this, or do I just write off Redhat and go to some other version of Linux???
I'm sorry to say this, but I think you're using the wrong mechanism; bugzilla is for reporting bugs, not for support. The URL for support is at http://www.redhat.com/support and I'm sure the people from support can help you in a much more timely way.
Firstly you say you're working with a *recompiled* version of Apache and mod_ssl, not the ones that are distributed with Red Hat Linux; therefore this is not an OS issue, it's an issue with your compilation or subsequent configuration. Secondly, mod_ssl has a directive to control the exporting of SSL environment variables; by default mod_ssl does not export SSL environment variables. Check your config file, and the mod_ssl documentation. If environment variable exporting does not work with the default Red Hat Linux configuration and RPMs please let us know.
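
Editor's added example, not part of the original thread and not Red Hat's shipped configuration: the mod_ssl directive referred to above is SSLOptions, whose StdEnvVars option is off by default. The fragment assumes it is placed inside the existing SSL virtual host; the directory is taken from SCRIPT_FILENAME in the report, and the CA file path and the two organization names in SSLRequire are placeholders chosen for illustration.

```apache
# Added example (assumptions: lives inside the SSL <VirtualHost> that
# serves the site; /path/to/client-ca.crt is a placeholder).

# SSL_CLIENT_* values only exist when a client certificate was requested
# and verified, so client verification must be enabled for this host.
SSLVerifyClient      require
# Placeholder path: the CA bundle that issued the client certificates.
SSLCACertificateFile /path/to/client-ca.crt

<Directory "/usr/local/apache/share/htdocs/wildapache.com/userlist">
    # Export the standard SSL_* variables (SSL_CLIENT_S_DN, SSL_CLIENT_S_DN_O,
    # ...) to CGI and SSI. Disabled by default for performance reasons, so
    # enable it only where scripts actually need it.
    SSLOptions +StdEnvVars

    # Optional: enforce the organization check in the server itself with an
    # exact match on the O component, instead of a substring match on the
    # whole DN inside the script. SSLRequire does not depend on StdEnvVars.
    SSLRequire %{SSL_CLIENT_S_DN_O} in {"OTR Communications", "Wild Apache"}
</Directory>
```

After a restart, Env.cgi should list the SSL_* variables for requests that present a certificate; if SSL_CLIENT_S_DN is still absent, the script should treat that as a denial rather than as a match.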