Bug 73876 - mod_ssl with SSL certificate and fakebasicauth Directory Indexing fails
mod_ssl with SSL certificate and fakebasicauth Directory Indexing fails
Product: Red Hat Linux
Classification: Retired
Component: mod_ssl (Show other bugs)
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Joe Orton
Depends On:
  Show dependency treegraph
Reported: 2002-09-12 15:47 EDT by Patrick Paul
Modified: 2007-04-18 12:46 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-01-25 11:34:15 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Patrick Paul 2002-09-12 15:47:18 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826

Description of problem:
When trying to get a DirectoryIndex when using mod_ssl with SSL certificates, it

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.A .htaccess file like so:Options +Indexes
AuthType Basic
AuthName "blah"
AuthUserFile /blah/blah/.htpasswd
Require valid-user
2.httpd.conf contains:SSLOptions +FakeBasicAuth
SSLVerifyClient require
3. .htpasswd file contains the subject from the SSL certificate and the
encrypted password 'password'

Actual Results:  When configured as above, I am able to access pages correctly,
but only if I type in the exact page name.  So I can't do
https://blah.mit.edu/directory and get an Index listing, but if I do
https://blah.mit.edu/directory/picture_name.jpg it works.  

Expected Results:  I should get a Directory listing.

Additional info:

This is a recognized bug that was fixed in mod_ssl 2.8.9.  I would normally just
upgrade the apache and mod_ssl myself, but we've moved to using the RedHat
Network, and am unwilling to upgrade any packages that will put our systems out
of sync.
The URL listed above is a google groups communication confirming the bug exists
and was fixed in 2.8.9, also the RELEASE-NOTES from the latest package list it
as a fixed bug.

The URL is too long for the Oracle, as it breaks.  The URL is
Comment 1 Joe Orton 2005-01-25 11:34:15 EST
Thanks for the report.  This is a mass bug update; since this release
of Red Hat Linux is no longer supported, please either:

a) try and reproduce the bug with a supported version of Red Hat
Enterprise Linux or Fedora Core, and re-open this bug as appropriate
after changing the Product field, or,

b) if relevant, try and reproduce this bug using the current version
of the upstream package, and report the bug upstream.

Note You need to log in before you can comment on or make changes to this bug.