You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2005/05/05 21:09:00 UTC
DO NOT REPLY [Bug 34264] -
Broken mod_ssl/mod_cgid under Solaris 10 (gcc 64-bit) using MPM=worker
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=34264>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=34264
------- Additional Comments From gnevarez@gmail.com 2005-05-05 21:08 -------
The problem also exists in other platforms. I'm using 2.0.54 on Win32 (XP,
development machine).
I have a similar problem with *some* client certificates during client
authentication in SSL. Using OpenSSL/0.9.7f with 'SSLOptions +StdEnvVars
+ExportCertData'
[Thu May 05 13:30:20 2005] [error] [client 127.0.0.1] (22)Invalid argument:
couldn't create child process: 22: printenv.pl
[Thu May 05 13:30:20 2005] [error] [client 127.0.0.1] (22)Invalid argument:
couldn't spawn child process: C:/apache/httpd/cgi-bin/printenv.pl
The certificate data is (from the firefox client cert window):
Issued to: OID.2.5.4.41=#1311456D707265736120646520507275656261,CN=Empresa de
Prueba,OU=Sucursal de Prueba,O=Empresa de Prueba,serialNumber=" /
AAAA010101HDFRXX00",OID.2.5.4.45=#131C414141303130313031414141202F2041414141303130313031414141
Serial Number: 30:30:30:30:31:30:30:30:30:30:30:30:30:30:30:30:30:31:31:34
Valid from 8/2/2004 14:47:13 PM to 8/2/2006 14:47:13 PM
Purposes: Client,Server,Sign,Encrypt
Issued by: O=Servicio de Administraci�n Tributaria,OU=Administraci�n de
Seguridad de la Informaci�n,CN=AC de Pruebas SAT,C=MX,ST="Mexico, D.F.",L=Ciudad
de Mexico
It seems that it can't parse this DN, probably due to the unknown OID. Then the
cgi invocation fails too because of corrupted data???
Problem is: I depend on 'SSLOptions +StdEnvVars' working because all the info is
sent via mod_jk 1.2.8 to Tomcat 5.5, and is used to AAA the users on a j2ee
webapp. It works ok with just "+ExportCertData", but other variables are
required by settings such as:
JkExtractSSL on
JkHTTPSIndicator HTTPS
JkCERTSIndicator SSL_CLIENT_CERT
#JkCIPHERIndicator n/a ?
JkSESSIONIndicator SSL_SESSION_ID
JkKEYSIZEIndicator SSL_CIPHER_ALGKEYSIZE
JkEnvVar SSL_CLIENT_M_SERIAL SSL_CLIENT_M_SERIAL
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org