You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2012/02/07 07:14:59 UTC

DO NOT REPLY [Bug 52616] New: SSLUserName uses SSL_CLIENT_S_DN insted of SSL_CLIENT_S_DN_CN (or any x509)

https://issues.apache.org/bugzilla/show_bug.cgi?id=52616

             Bug #: 52616
           Summary: SSLUserName uses SSL_CLIENT_S_DN insted of
                    SSL_CLIENT_S_DN_CN (or any x509)
           Product: Apache httpd-2
           Version: 2.2.16
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: m-one@mail.ru
    Classification: Unclassified


I've trouble using SSL_CLIENT_S_DN_CN in SSLUserName with FakeBasicAuth.

My apache config:

<Location /repos>
    SSLOptions +FakeBasicAuth +StdEnvVars
    SSLUserName SSL_CLIENT_S_DN_CN
    AuthName "Restricted area"
    AuthType Basic
    AuthUserFile /etc/apache2/fakeauth.passwd
    require valid-user
</Location>

In this case SSL_CLIENT_S_DN_CN equals SSL_CLIENT_S_DN. I've used patch
http://reki.ru/products/subversion/patch-server-ssl_engine_kernel.c which
correct this behaviour to the right way.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

DO NOT REPLY [Bug 52616] SSLUserName uses SSL_CLIENT_S_DN insted of SSL_CLIENT_S_DN_CN (or any x509)

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=52616

Ruediger Pluem <rp...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 52616] SSLUserName uses SSL_CLIENT_S_DN insted of SSL_CLIENT_S_DN_CN (or any x509)

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=52616

--- Comment #3 from Graham Leggett <mi...@sharp.fm> ---
Alternative fix in trunk as follows:

http://svn.apache.org/viewvc?view=revision&revision=r1457437
http://svn.apache.org/viewvc?view=revision&revision=r1457450
http://svn.apache.org/viewvc?view=revision&revision=r1457471

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 52616] SSLUserName uses SSL_CLIENT_S_DN insted of SSL_CLIENT_S_DN_CN (or any x509)

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=52616

--- Comment #2 from Graham Leggett <mi...@sharp.fm> ---
Fixed in httpd-trunk r1432322, proposed for backport to v2.4.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

DO NOT REPLY [Bug 52616] SSLUserName uses SSL_CLIENT_S_DN insted of SSL_CLIENT_S_DN_CN (or any x509)

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=52616

Ruediger Pluem <rp...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED
           Severity|normal                      |enhancement

--- Comment #1 from Ruediger Pluem <rp...@apache.org> 2012-02-07 12:51:38 UTC ---
At best this is a missing feature as the documentation
(http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslusername) clearly states
that SSLUserName and FakeBasicAuth do not work in conjunction.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org