----------------------------------------------------------------
BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
WHEN YOU POST, include all relevant version numbers, log files,
and configuration files. Don't make us guess your problem!!!
----------------------------------------------------------------
Jean-Luc,
I take your point on differences on SSL vars being different in the various
SSL implementations. However with my installation no SSL vars are been set
in the request structure. ie: the subprocess_env table is empty. When I add
the ApacheSSLAddCommonVars call into mod_jserv, it picks up SSL_CLIENT_DN,
and all other ssl vars seen the cgi.(to be expected, as it is the same
function call)
Regarding the "compatibility mode" in mod_ssl: I'm using Apache SSL, and I
can't see any corresponding config setting. I would expect a configure
setting would enable a #if/#endif block in the code, and I don't see any in
the modified(by apacheSSL code merge) Apache code that would do the job.
I don't have any experiance with mod_ssl, however, if there is an option to
statically compile in.....when/where does it pick up the SSL vars and load
the request object? ap_read_request in http_protocal.c?
>From: Jean-Luc Rochat <[EMAIL PROTECTED]>
>
>Chris Roberts wrote:
> >
> > My configuration: Apache 1.3.9, ApacheJServ1.1(DSO linked with EAPI
> > enabled), OpenSSL 0.9.4, ajpv12
> >
> > After completing my installation, I was able to access the SSL_CLIENT_DN
>in
> > the cgi enviroment, but not with servlets.
> >
> > I confirmed org.apache.jserv.JServConnection was not receiving
> > SSL_CLIENT_DN while reading the request data, and that mod_jserv was not
> > sending it in jserv_ajpv12.c(ajpv12_handler). That is,
> > request->subprocess_env was not null, but had no data in it's hash.
> >
> > After tracking through the apache code, the only place I could find that
>set
> > up request->subprocess_env, was in util_script.c(ap_add_common_vars)
>using
> > ApacheSSLAddCommonVars. As this is used when processing cgis, and not
> > servlets, this code is not called in my case.
> >
> > To get around the problem I have added a function call
> > "ApacheSSLAddCommonVars(request)" to jserv_ajpv12.c, just prior to
>sending
> > SSL_CLIENT_DN. I did it here to minimise the impact to my
>test/deployment
> > apache sites. ie: only changed mod_jserv.
> >
> > I presume I've incorrectly configured JServ, or perhaps apache? I would
>have
> > thought apache should have called "ApacheSSLAddCommonVars" in
> > http_protocol.c in ap_read_request.
> >
> > Where should request->subprocess_env be populated for servlet requests?
> >
> > What part of the configuration process have I messed up?
> >
> > Any ideas?
> >
>Hi Chris,
>
>could you please double check the name of your SSL vars in your CGI.
>because mod_jserv uses a set of variables that is not the same as
>apache-ssl or other ssl implementations :
>I assumed that the only "portable" (across all SSL implementations)
>variable env names had to be used, but in that case you need to tell
>mod_ssl to use "compatibility mode" like this :
>SSLOptions +CompatVars
>
>see : http://www.modssl.org/docs/2.4/ssl_compat.html#table2
> for the corresponding names.
>
>This seem to become a FAQ, and you are not alone in your case. I'll try
>to solve this problem if it is a problem (difficult because it is
>working on my home site !)
>
>Jean-Luc
>
>
>--
>--------------------------------------------------------------
>Please read the FAQ! <http://java.apache.org/faq/>
>To subscribe: [EMAIL PROTECTED]
>To unsubscribe: [EMAIL PROTECTED]
>Archives and Other: <http://java.apache.org/main/mail.html>
>Problems?: [EMAIL PROTECTED]
>
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]
