Bug 822998 - mod_nss not finding X.509 object in SSLSessionCache upon HTTP 302 redirect
mod_nss not finding X.509 object in SSLSessionCache upon HTTP 302 redirect
Status: CLOSED DUPLICATE of bug 749402
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: mod_nss (Show other bugs)
x86_64 Linux
unspecified Severity high
: rc
: ---
Assigned To: Matthew Harmsen
Depends On:
  Show dependency treegraph
Reported: 2012-05-18 14:26 EDT by John Stamper
Modified: 2012-06-27 13:57 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-06-27 13:57:10 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description John Stamper 2012-05-18 14:26:55 EDT
Description of problem:
Running mod_nss-1.0.8-4.el5_6.1 for Oracle HTTP Server on RHEL 5.7 and managed to insert mod_nss as the cryptographic store. NSSVerifyClient is set to 'require'. Upon initial session with server, client is prompted for certificate selection, and after selected, server parses certificate and does lookup in backend datastore for existing account. In the event the query returns a result set size of zero, a redirect to a registration page is executed - server side HTTP 302.

The new servlet attempts to pull the X.509 object from the HttpRequest object, only to find it to be null. mod_ossl (Oracle's version of mod_ssl) handles the redirect without issue and finds the X.509 object in the HttpRequest object. This points to the SSLSessionCache for mod_nss not behaving properly.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
Comment 1 RHEL Product and Program Management 2012-05-25 13:56:51 EDT
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.
Comment 2 Matthew Harmsen 2012-05-30 17:23:18 EDT
Could you please provide setup instructions for how this issue might be reproduced?

In the meantime, please note the following bug:

    * Bugzilla Bug #749402 - may be possible to spoof mod_nss FakeBasicAuth

The patch for this bug has already been produced and is currently undergoing Q/A, and may resolve the issue described above.

Additionally, this patch has not yet been made available to Fedora platforms, but is slated to be included in the next update of 'mod_nss' for Fedora (see Bugzilla Bug #797335 - may be possible to spoof mod_nss FakeBasicAuth).
Comment 3 Nathan Kinder 2012-06-27 13:57:10 EDT
We believe that this is a duplicate of bug 749402, which is slated to be fixed in RHEL 5.9.  I am going to close this as a duplicate.  If there is still an issue after the update is available, please reopen this bug.

*** This bug has been marked as a duplicate of bug 749402 ***

Note You need to log in before you can comment on or make changes to this bug.