httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 31418] - SSLUserName is not usable by other modules
Date Mon, 25 Apr 2005 23:23:52 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=31418>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=31418


hps@intermeta.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|minor                       |normal
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |
            Version|2.0.51                      |2.0.54




------- Additional Comments From hps@intermeta.de  2005-04-26 01:23 -------
[One of the really, really amazing things of this small world is, that
you always meet the same people. :-) ]

Two things: 

- the backport is wrong (and also the code on the trunk). The reason for this:
  ATM, the setting of r->user only happens if nothing in the ssl_hook_access
  returns DECLINED, FORBIDDEN or anything else before the subroutine actually
  comes to the setting of r->user, some hundreds of lines below the start of
  the subroutine (That is why "one method, one exit" is a good thing).

- the only way to actually get this to work (at least what I found) in all
  corner cases is to factor out the user name setting (which should run all
  the times anyway, no matter what other parts of ssl_hook_access are run
  or not run) and add it as a separate hook to the processing chain.

I built a patch against 2.0.54. I run a slightly older version of this (for
Fedora Core 1 2.0.51-1.6.legacy) with Subversion 1.1.4 and client certificate
authentication and mod_authz_svn) and it ran fine in all three tests that I did.
:-) 

Side-nit: One of the good thing of the countless code and style checkers for
other programming languages besides C is that they keep your line-per-method
count down. ssl_hook_access is _screaming_ for a refactoring and a breaking down
into smaller parts. 

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message