Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 55594 - Kernel 2.4.9-6: SSL environment variables not accessible
Kernel 2.4.9-6: SSL environment variables not accessible
Status: CLOSED DUPLICATE of bug 55593
Product: Red Hat Linux
Classification: Retired
Component: kernel (Show other bugs)
7.1
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Arjan van de Ven
Brock Organ
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-11-02 12:12 EST by Need Real Name
Modified: 2007-04-18 12:37 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-11-02 12:17:41 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2001-11-02 12:12:33 EST
Description of Problem:

I have Apache compiled with mod_ssl and can not read the SSL environment 
variables in a https://www.xxx.xxx environment.  This means that I can not 
read information about different types of browser certificates required to 
access certain sites.

On a Redhat 6.2 system with a 2.2.x kernel, I could execute the following 
code in a cgi script:

if (( $ENV{SSL_CLIENT_S_DN} !~ /O=Apache Certificate Access Control/)
        && ( $ENV{SSL_CLIENT_S_DN} !~ /O=OTR Communications/)
        && ( $ENV{SSL_CLIENT_S_DN} !~ /O=OTR Comm/)
        && ( $ENV{SSL_CLIENT_S_DN} !~ /O=Wild Apache/)
        && ( $ENV{SSL_CLIENT_S_DN} !~ /O=Wild Apache\, Inc./)
        && ( $ENV{SSL_CLIENT_S_DN} !~ /O=Wild Apache Internet/)
        && ( $ENV{SSL_CLIENT_S_DN} !~ /O=Wild Apache Internet Service/)) {

and look at the Organization/Company of the certificate presented to the 
site.  Then I could make decisions on where to send a given user based on 
the SSL environment variable SSL_CLIENT_S_DN.  Under Redhat 7.1 with a 
2.4.x kernel, the SSL environment variables are not available.  This is 
serious!!

Version-Release number of selected component (if applicable):


How Reproducible:
Out of the box Redhat 7.1 wiht latest rpm updates and kernel 2.4.9-6

Steps to Reproduce:
1. Recompile Apache with mod_ssl and setup secure server site

2. Try to read SSL environment variables with a script called Env.cgi:

#!/usr/bin/perl

print <<EOF;
Content-type: text/html

<HTML><HEAD>
<TITLE>Environment, port 443, with certificate based access control</TITLE>
</HEAD>

<BODY>
<H1>Environment, port 443, with certificate based access control</H1>

<P>
<HR>
<PRE>
========================================
EOF

foreach $var ( keys %ENV ) {

  print "$var=$ENV{$var}\n" ;

}
print <<EOF;
========================================
</PRE>
<HR>
</BODY>
</HTML>
EOF


3. Go to this script at https://www.xxx.xxx/Env.cgi

Actual Results:

Environment, port 443, with certificate based access control


---------------------------------------------------------------------------
-----

========================================
QUERY_STRING=
SERVER_ADDR=209.145.208.15
HTTP_ACCEPT_LANGUAGE=en-us, en-us
SERVER_PROTOCOL=HTTP/1.1
HTTP_CONNECTION=Keep-Alive
SERVER_SIGNATURE=
REMOTE_PORT=63937
HTTP_ACCEPT=application/vnd.ms-excel, image/gif, image/x-xbitmap, 
image/jpeg, image/pjpeg, application/msword, */*
HTTP_USER_AGENT=Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; 
WAN00)
GATEWAY_INTERFACE=CGI/1.1
HTTP_HOST=www.wildapache.com
SERVER_SOFTWARE=Apache/1.3.20 (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6a 
mod_perl/1.25
SERVER_ADMIN=sysadmin@wildapache.net
REMOTE_USER=otrcomm
REMOTE_ADDR=209.145.208.2
SCRIPT_NAME=/userlist/Env.cgi
SERVER_NAME=www.wildapache.com
HTTP_ACCEPT_ENCODING=gzip, deflate, gzip, deflate
HTTPS=on
DOCUMENT_ROOT=/usr/local/apache/share/htdocs/wildapache.com
REQUEST_URI=/userlist/Env.cgi
REQUEST_METHOD=GET
SCRIPT_FILENAME=/usr/local/apache/share/htdocs/wildapache.com/userlist/Env.
cgi
PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/kerberos/sbin:/usr/kerberos/bin:/
usr/bin:/bin:/usr/local/bin:/usr/X11R6/bin:/root/bin
AUTH_TYPE=Basic
SERVER_PORT=443
========================================


Expected Results:

Should show all my SSL environment variables and their values, but none 
show up.

Additional Information:
Comment 1 Bill Nottingham 2001-11-02 14:12:41 EST

*** This bug has been marked as a duplicate of 55593 ***

Note You need to log in before you can comment on or make changes to this bug.