Red Hat Bugzilla – Bug 55594
Kernel 2.4.9-6: SSL environment variables not accessible
Last modified: 2007-04-18 12:37:59 EDT
Description of Problem: I have Apache compiled with mod_ssl and can not read the SSL environment variables in a https://www.xxx.xxx environment. This means that I can not read information about different types of browser certificates required to access certain sites. On a Redhat 6.2 system with a 2.2.x kernel, I could execute the following code in a cgi script: if (( $ENV{SSL_CLIENT_S_DN} !~ /O=Apache Certificate Access Control/) && ( $ENV{SSL_CLIENT_S_DN} !~ /O=OTR Communications/) && ( $ENV{SSL_CLIENT_S_DN} !~ /O=OTR Comm/) && ( $ENV{SSL_CLIENT_S_DN} !~ /O=Wild Apache/) && ( $ENV{SSL_CLIENT_S_DN} !~ /O=Wild Apache\, Inc./) && ( $ENV{SSL_CLIENT_S_DN} !~ /O=Wild Apache Internet/) && ( $ENV{SSL_CLIENT_S_DN} !~ /O=Wild Apache Internet Service/)) { and look at the Organization/Company of the certificate presented to the site. Then I could make decisions on where to send a given user based on the SSL environment variable SSL_CLIENT_S_DN. Under Redhat 7.1 with a 2.4.x kernel, the SSL environment variables are not available. This is serious!! Version-Release number of selected component (if applicable): How Reproducible: Out of the box Redhat 7.1 wiht latest rpm updates and kernel 2.4.9-6 Steps to Reproduce: 1. Recompile Apache with mod_ssl and setup secure server site 2. Try to read SSL environment variables with a script called Env.cgi: #!/usr/bin/perl print <<EOF; Content-type: text/html <HTML><HEAD> <TITLE>Environment, port 443, with certificate based access control</TITLE> </HEAD> <BODY> <H1>Environment, port 443, with certificate based access control</H1> <P> <HR> <PRE> ======================================== EOF foreach $var ( keys %ENV ) { print "$var=$ENV{$var}\n" ; } print <<EOF; ======================================== </PRE> <HR> </BODY> </HTML> EOF 3. Go to this script at https://www.xxx.xxx/Env.cgi Actual Results: Environment, port 443, with certificate based access control --------------------------------------------------------------------------- ----- ======================================== QUERY_STRING= SERVER_ADDR=209.145.208.15 HTTP_ACCEPT_LANGUAGE=en-us, en-us SERVER_PROTOCOL=HTTP/1.1 HTTP_CONNECTION=Keep-Alive SERVER_SIGNATURE= REMOTE_PORT=63937 HTTP_ACCEPT=application/vnd.ms-excel, image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/msword, */* HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; WAN00) GATEWAY_INTERFACE=CGI/1.1 HTTP_HOST=www.wildapache.com SERVER_SOFTWARE=Apache/1.3.20 (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6a mod_perl/1.25 SERVER_ADMIN=sysadmin@wildapache.net REMOTE_USER=otrcomm REMOTE_ADDR=209.145.208.2 SCRIPT_NAME=/userlist/Env.cgi SERVER_NAME=www.wildapache.com HTTP_ACCEPT_ENCODING=gzip, deflate, gzip, deflate HTTPS=on DOCUMENT_ROOT=/usr/local/apache/share/htdocs/wildapache.com REQUEST_URI=/userlist/Env.cgi REQUEST_METHOD=GET SCRIPT_FILENAME=/usr/local/apache/share/htdocs/wildapache.com/userlist/Env. cgi PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/kerberos/sbin:/usr/kerberos/bin:/ usr/bin:/bin:/usr/local/bin:/usr/X11R6/bin:/root/bin AUTH_TYPE=Basic SERVER_PORT=443 ======================================== Expected Results: Should show all my SSL environment variables and their values, but none show up. Additional Information:
*** This bug has been marked as a duplicate of 55593 ***