httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 31418] - SSLUserName is not usable by other modules
Date Tue, 19 Oct 2004 22:16:25 GMT

http://issues.apache.org/bugzilla/show_bug.cgi?id=31418

SSLUserName is not usable by other modules

------- Additional Comments From laforge@netfilter.org  2004-10-19 22:16 -------
I totally agree with Kevin.  FakeBasicAuth might be working for cases where you
don't care about the username.  But having the full certificate subject as
username is definitely a problem with Subversion.  Not only does the log file
have the DN everywhere, it also makes ViewCVS output bloated, and results in
broken commit-log mails, since the username is again used as From: header in the
mails.

Using apache+ssl+mod_dav_svn+authz+client_certificates is the only way to get a
decently secure Subversion repository with per-file granular permissions and
strong crypto running...

Yes, this could all be fixed up within svn or any other later module, rewriting
the certificate subject, replacing it with the email address contained within.

But I think the source of this ugliness is FakeBasicAuth in the beginning.  It
starts with certificate subjects in the 'passwd' files.
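
The rewrite mentioned in this comment (certificate subject replaced by the e-mail address it contains), as an added example that is not part of the original comment and is not mod_ssl or Subversion code. It assumes the subject arrives in OpenSSL's slash-separated one-line form; the function names and the sample subject are constructed here.

```python
import re

# Conservative address pattern (an assumption of this example): no whitespace,
# control characters or header metacharacters, so the result is safe to put in
# a log line or a From: header.
_EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,}")
# An attribute starts at "/" followed by a short type name and "=".
_ATTR_RE = re.compile(r"/([A-Za-z][A-Za-z0-9.]*)=")

# Constructed sample subject, not taken from a real certificate.
SAMPLE_DN = "/C=DE/O=Example Org/CN=Jane Doe/emailAddress=Jane@Example.org"


def parse_oneline_dn(dn):
    """Split '/C=DE/O=Example/CN=Jane' into [(type, value), ...]."""
    marks = list(_ATTR_RE.finditer(dn))
    if not marks or marks[0].start() != 0:
        raise ValueError("not a slash-separated subject")
    attrs = []
    for i, m in enumerate(marks):
        # A value runs up to the next attribute marker, so a "/" that is not
        # followed by "type=" stays inside the value.
        end = marks[i + 1].start() if i + 1 < len(marks) else len(dn)
        attrs.append((m.group(1), dn[m.end():end]))
    return attrs


def username_from_dn(dn):
    """Return the lowercased e-mail address to use as the short username.

    Raises ValueError when the subject carries no address, more than one, or
    one that fails the pattern above; the caller should then deny access
    rather than fall back to the full subject.
    """
    emails = [v for t, v in parse_oneline_dn(dn)
              if t.lower() in ("emailaddress", "email")]
    if len(emails) != 1:
        raise ValueError("expected exactly one emailAddress, got %d" % len(emails))
    if not _EMAIL_RE.fullmatch(emails[0]):
        raise ValueError("emailAddress not usable as a username")
    return emails[0].lower()


if __name__ == "__main__":
    print(username_from_dn(SAMPLE_DN))
```
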
