>Number: 5402
>Category: mod_jserv
>Synopsis: getRemoteUser() and AuthType() dose not handle pure X.509
>authentication
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: jserv
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Wed Dec 1 07:10:03 PST 1999
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.3.9
>Environment:
Running with mod_ssl and mod_jserv
>Description:
mod_ssl and mod_jserv are loaded into apache. And protected
by "Require" statement in HTTPS.
In this case, the servlet can not get authenticate information by
getRemoteUser()/AuthType(). jserv have better to give it SSL_*
enviroment values.
>How-To-Repeat:
See description
>Fix:
I can offer few patches. This patches are written for mod_jserv 1.0 release.
Please marge to future or latest release.
begin 664 patch.gz
M'XL(`+TV13@"`Z5286^;,!#]3'[%C2\C(>"0+6I)UXFN1<JZM*L"T;9/R"-7
M0DI,:@-3-?6_SV"0FFE=%\T29V.?WWOG=Y9E@>`QV="*DIPGA.YHO$:R$<@K
M<AG(>)XSAG&1YLRNL^R<IXGV!5=P63(`%T9OII/Q=#(!QW7=GFF:!P(V6!<8
[EMAIL PROTECTED]/+&?D'@V/P&[EMAIL PROTECTED]&,`=RW\PN_LE:K$KOV=I#$'!
[EMAIL PROTECTED]"MWF!2TEO].%GSX)V<"Q*SL!0F7U`5D45Y<*6=PQ]X5]]#OUH&[EMAIL
PROTECTED]
MO7_2,S4RD$&2SBA;90A!,(_.YQ_]ZS"ZN(:<P2P,;P*5\N$!$HZ)5P>;IUOY
M8O9F!^\^(1/TKH0K*LH5?=\D$QE;K17-2I14<J=9PND_BTMO#77EU2FP,LOJ
M0DU-:[EMAIL PROTECTED]'[EMAIL PROTECTED]'L$^P5YVB>%3/*R>U((.!\L<9*7\<[EMAIL
PROTECTED]'C_UQVLY
MBG4JY'/?ERB*UP)H6:R1%6E,ZQ8`(;MCBT/(>2,[EMAIL PROTECTED]<,7?3V3,.'[EMAIL
PROTECTED]
M]6P9SJ+PVXW_G*<DG`<[EMAIL PROTECTED];IMNV
HI6$T$X:>,[W?GG6,^E=[,G+U&J4AK;_VJ$8Z^4.O_`+2%'MD:00``%^;
`
end
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <[EMAIL PROTECTED]> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or ]
["Re: general/1098:"). If the subject doesn't match this ]
[pattern, your message will be misfiled and ignored. The ]
["apbugs" address is not added to the Cc line of messages from ]
[the database automatically because of the potential for mail ]
[loops. If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request from a ]
[developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]
