httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 34264] - Broken mod_ssl/mod_cgid under Solaris 10 (gcc 64-bit) using MPM=worker
Date Thu, 05 May 2005 19:09:00 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGˇ
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=34264>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDˇ
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=34264





------- Additional Comments From gnevarez@gmail.com  2005-05-05 21:08 -------
The problem also exists in other platforms. I'm using 2.0.54 on Win32 (XP,
development machine). 

I have a similar problem with *some* client certificates during client
authentication in SSL. Using OpenSSL/0.9.7f  with 'SSLOptions +StdEnvVars
+ExportCertData'

[Thu May 05 13:30:20 2005] [error] [client 127.0.0.1] (22)Invalid argument:
couldn't create child process: 22: printenv.pl
[Thu May 05 13:30:20 2005] [error] [client 127.0.0.1] (22)Invalid argument:
couldn't spawn child process: C:/apache/httpd/cgi-bin/printenv.pl

The certificate data is (from the firefox client cert window):

Issued to: OID.2.5.4.41=#1311456D707265736120646520507275656261,CN=Empresa de
Prueba,OU=Sucursal de Prueba,O=Empresa de Prueba,serialNumber=" /
AAAA010101HDFRXX00",OID.2.5.4.45=#131C414141303130313031414141202F2041414141303130313031414141
  Serial Number: 30:30:30:30:31:30:30:30:30:30:30:30:30:30:30:30:30:31:31:34
  Valid from 8/2/2004 14:47:13 PM to 8/2/2006 14:47:13 PM
  Purposes: Client,Server,Sign,Encrypt
Issued by: O=Servicio de Administración Tributaria,OU=Administración de
Seguridad de la Información,CN=AC de Pruebas SAT,C=MX,ST="Mexico, D.F.",L=Ciudad
de Mexico

It seems that it can't parse this DN, probably due to the unknown OID. Then the
cgi invocation fails too because of corrupted data???

Problem is: I depend on 'SSLOptions +StdEnvVars' working because all the info is
sent via mod_jk  1.2.8 to Tomcat 5.5, and is used to AAA the users on a j2ee
webapp. It works ok with just "+ExportCertData", but other variables are
required by settings such as:

JkExtractSSL on
JkHTTPSIndicator HTTPS
JkCERTSIndicator SSL_CLIENT_CERT
#JkCIPHERIndicator n/a ?
JkSESSIONIndicator SSL_SESSION_ID
JkKEYSIZEIndicator SSL_CIPHER_ALGKEYSIZE
JkEnvVar SSL_CLIENT_M_SERIAL SSL_CLIENT_M_SERIAL



-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message