Red Hat Bugzilla – Bug 73876
mod_ssl with SSL certificate and fakebasicauth Directory Indexing fails
Last modified: 2007-04-18 12:46:36 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826
Description of problem:
When trying to get a DirectoryIndex when using mod_ssl with SSL certificates, it
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.A .htaccess file like so:Options +Indexes
2.httpd.conf contains:SSLOptions +FakeBasicAuth
3. .htpasswd file contains the subject from the SSL certificate and the
encrypted password 'password'
Actual Results: When configured as above, I am able to access pages correctly,
but only if I type in the exact page name. So I can't do
https://blah.mit.edu/directory and get an Index listing, but if I do
https://blah.mit.edu/directory/picture_name.jpg it works.
Expected Results: I should get a Directory listing.
This is a recognized bug that was fixed in mod_ssl 2.8.9. I would normally just
upgrade the apache and mod_ssl myself, but we've moved to using the RedHat
Network, and am unwilling to upgrade any packages that will put our systems out
The URL listed above is a google groups communication confirming the bug exists
and was fixed in 2.8.9, also the RELEASE-NOTES from the latest package list it
as a fixed bug.
The URL is too long for the Oracle, as it breaks. The URL is
Thanks for the report. This is a mass bug update; since this release
of Red Hat Linux is no longer supported, please either:
a) try and reproduce the bug with a supported version of Red Hat
Enterprise Linux or Fedora Core, and re-open this bug as appropriate
after changing the Product field, or,
b) if relevant, try and reproduce this bug using the current version
of the upstream package, and report the bug upstream.