On Mon, Jul 28, 2003 at 10:09:49PM +1200, James Collier wrote: > I am in the process of upgrading a site from 1.3.x to 2.0.47, and have > encountered a (perhaps obscure) problem. > > For mod_rewrite I sometimes need to extract and/or test client > certificate field values. > > Under 1.3.27/2.8.14 and earlier I could use - (at virtual host level): > > =================== > > SSLEngine on > ... > SSLVerifyClientRequire > SSLOptions +StdEnvVars +StrictRequire > ... > RewriteEngine on > RewriteLogLevel 9 > ... > RewriteCond %{LA_U:SSL_CLIENT_S_DN} (..*) > > ==================== > > As of apache 2, the rewrite log shows that the SSL_X environment > variables (and the HTTPS variable) are not being set during the lookahead. > > Can anyone think what might have changed that would cause this? e.g. any > changes in the ssl fixup-phase hook handler and sub-request handling?
Yes, a few people have reported this problem... the mod_ssl fixup handler is running to late to be useful like this in 2.0: you should be able to fix it as below: Index: mod_ssl.c =================================================================== RCS file: /store/cvs/root/httpd-2.0/modules/ssl/mod_ssl.c,v retrieving revision 1.86 diff -u -r1.86 mod_ssl.c --- mod_ssl.c 24 Jun 2003 21:40:32 -0000 1.86 +++ mod_ssl.c 28 Jul 2003 10:17:26 -0000 @@ -508,7 +508,7 @@ ap_hook_child_init (ssl_init_Child, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_translate_name(ssl_hook_Translate, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_check_user_id (ssl_hook_UserCheck, NULL,NULL, APR_HOOK_FIRST); - ap_hook_fixups (ssl_hook_Fixup, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_fixups (ssl_hook_Fixup, NULL,NULL, APR_HOOK_REALLY_FIRST); ap_hook_access_checker(ssl_hook_Access, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_auth_checker (ssl_hook_Auth, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_post_read_request(ssl_hook_ReadReq, NULL,NULL, APR_HOOK_MIDDLE); ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]