Re: Apache2: mod_rewrite and mod_ssl interaction changed?

Mon, 28 Jul 2003 03:17:32 -0700 

On Mon, Jul 28, 2003 at 10:09:49PM +1200, James Collier wrote:
> I am in the process of upgrading a site from 1.3.x to 2.0.47, and have
> encountered a (perhaps obscure) problem.
> 
> For mod_rewrite I sometimes need to extract and/or test client
> certificate field values.
> 
> Under 1.3.27/2.8.14 and earlier I could use - (at virtual host level):
> 
> ===================
> 
> SSLEngine on
> ...
> SSLVerifyClientRequire
> SSLOptions +StdEnvVars +StrictRequire
> ...
> RewriteEngine on
> RewriteLogLevel 9
> ...
> RewriteCond %{LA_U:SSL_CLIENT_S_DN} (..*)
> 
> ====================
> 
> As of apache 2, the rewrite log shows that the SSL_X environment
> variables (and the HTTPS variable) are not being set during the lookahead.
> 
> Can anyone think what might have changed that would cause this? e.g. any
> changes in the ssl fixup-phase hook handler and sub-request handling?

Yes, a few people have reported this problem... the mod_ssl fixup
handler is running to late to be useful like this in 2.0: you should be
able to fix it as below:

Index: mod_ssl.c
===================================================================
RCS file: /store/cvs/root/httpd-2.0/modules/ssl/mod_ssl.c,v
retrieving revision 1.86
diff -u -r1.86 mod_ssl.c
--- mod_ssl.c   24 Jun 2003 21:40:32 -0000      1.86
+++ mod_ssl.c   28 Jul 2003 10:17:26 -0000
@@ -508,7 +508,7 @@
     ap_hook_child_init    (ssl_init_Child,         NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_translate_name(ssl_hook_Translate,     NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_check_user_id (ssl_hook_UserCheck,     NULL,NULL, APR_HOOK_FIRST);
-    ap_hook_fixups        (ssl_hook_Fixup,         NULL,NULL, APR_HOOK_MIDDLE);
+    ap_hook_fixups        (ssl_hook_Fixup,         NULL,NULL, APR_HOOK_REALLY_FIRST);
     ap_hook_access_checker(ssl_hook_Access,        NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_auth_checker  (ssl_hook_Auth,          NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_post_read_request(ssl_hook_ReadReq,    NULL,NULL, APR_HOOK_MIDDLE);


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to