Description of Problem: CGI scripts running with suexec in a HTTPS virtual host, do not get the environment varaibles HTTPS=on and those starting with SSL_ Version-Release number of selected component (if applicable): apache-1.3.22-2, mod_ssl-2.8.5-1 How Reproducible: Run the CGI script in a HTTPS Virtual server #!/bin/sh echo "Content-Type: text/plain" echo echo "HTTPS=$HTTPS" Steps to Reproduce 1. 2. 3. Actual Results: HTTPS= Expected Results: HTTPS=on Additional Information: The reason this doesn't work is that /usr/sbin/suexec is compiled without -DMOD_SSL flag, so that HTTP_ variables are not cleaned, but HTTPS and SSL_ are. Installing mod_ssl does not replace suexec. It should be compiled with the -DMOD_SSL even in a non-ssl environment - it does not fringe the security. This is being discussed in the apache-dev mailing list and the compilation flag is being dropped in apache 2.0
Verified fixed in 1.3.23-8.