Red Hat Bugzilla – Bug 822998
mod_nss not finding X.509 object in SSLSessionCache upon HTTP 302 redirect
Last modified: 2012-06-27 13:57:10 EDT
Description of problem:
Running mod_nss-1.0.8-4.el5_6.1 for Oracle HTTP Server on RHEL 5.7 and managed to insert mod_nss as the cryptographic store. NSSVerifyClient is set to 'require'. Upon initial session with server, client is prompted for certificate selection, and after selected, server parses certificate and does lookup in backend datastore for existing account. In the event the query returns a result set size of zero, a redirect to a registration page is executed - server side HTTP 302.
The new servlet attempts to pull the X.509 object from the HttpRequest object, only to find it to be null. mod_ossl (Oracle's version of mod_ssl) handles the redirect without issue and finds the X.509 object in the HttpRequest object. This points to the SSLSessionCache for mod_nss not behaving properly.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release. Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products. This request is not yet committed for inclusion in
Could you please provide setup instructions for how this issue might be reproduced?
In the meantime, please note the following bug:
* Bugzilla Bug #749402 - may be possible to spoof mod_nss FakeBasicAuth
The patch for this bug has already been produced and is currently undergoing Q/A, and may resolve the issue described above.
Additionally, this patch has not yet been made available to Fedora platforms, but is slated to be included in the next update of 'mod_nss' for Fedora (see Bugzilla Bug #797335 - may be possible to spoof mod_nss FakeBasicAuth).
We believe that this is a duplicate of bug 749402, which is slated to be fixed in RHEL 5.9. I am going to close this as a duplicate. If there is still an issue after the update is available, please reopen this bug.
*** This bug has been marked as a duplicate of bug 749402 ***