You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by "Brian G. Reid" <br...@customlogic.com> on 2001/12/17 19:19:43 UTC
suExec patch for mod_ssl environment variables
Hello,
I am trying to use suExec for running CGI programs on a server that
is secured using mod_ssl. The problem that I am running into is that
suExec strips out all of the SSL related environment variables when it
cleans the environment space of the child process. Since it strips out
the variables, I lose the ability to detect whether my CGI programs are
running through SSL.
I have attached a patch to suexec.c that adds the HTTPS variable to the
"safe_env_lst" variable and adds a check in clean_env() to look for and
retain all the variables that start with "SSL_".
Thanks,
Brian Reid
breid@customlogic.com
PATCH FOLLOWS:
diff -urN oldhttpd/support/suexec.c httpd-2_0_28/support/suexec.c
--- oldhttpd/support/suexec.c Tue Oct 30 09:38:03 2001
+++ httpd-2_0_28/support/suexec.c Mon Dec 17 10:08:51 2001
@@ -136,6 +136,7 @@
"DOCUMENT_URI",
"FILEPATH_INFO",
"GATEWAY_INTERFACE",
+ "HTTPS",
"LAST_MODIFIED",
"PATH_INFO",
"PATH_TRANSLATED",
@@ -227,7 +228,7 @@
cidx++;
for (ep = environ; *ep && cidx < AP_ENVBUF-1; ep++) {
- if (!strncmp(*ep, "HTTP_", 5)) {
+ if (!strncmp(*ep, "HTTP_", 5) || !strncmp(*ep, "SSL_",4)) {
cleanenv[cidx] = *ep;
cidx++;
}