ID: 42552 User updated by: weisz at vcpc dot univie dot ac dot at Reported By: weisz at vcpc dot univie dot ac dot at -Status: Feedback +Status: Open Bug Type: Apache2 related Operating System: Linux PHP Version: 5.2.6 New Comment:
The proposed patch is only a dirty one (it restricts the number of OUs to 2 and the DN members with multiplicity to OU), and it unnecessarily puts the check in the wrong place. I checked the relevant code in ssl_engine_kernel.c and especially ssl_engine_vars.c. The function ssl_var_lookup_ssl_cert_dn() in ssl_engine_vars.c takes care of the retrieving of the DN subentries and I couldn't find a flaw when analysing its code (Apache 2.2.8 and 2.2.9 which I've tried both and got the same result). Where in the PHP code is the connection to the top level function ssl_var_lookup() that descends in multiple steps to ssl_var_lookup_ssl_cert_dn()? Previous Comments: ------------------------------------------------------------------------ [2008-09-23 00:13:30] [EMAIL PROTECTED] I do not see why PHP would not fetch these vars if apache made them available. Have you tried: http://www.mail-archive.com/[EMAIL PROTECTED]/msg17637.html ------------------------------------------------------------------------ [2008-09-22 17:13:29] weisz at vcpc dot univie dot ac dot at Please reopen this bug report that is still present in PHP 5.2.6 ------------------------------------------------------------------------ [2008-09-22 17:10:11] weisz at vcpc dot univie dot ac dot at I'm sorry to have overlooked the request to test getenv(): no getenv() doesnt provide the anser either. Now I'm at PHP version 5.2.6 and the bug is still there. phpinfo() shows clearly that only SSL_CLIENT_S_DN_OU is available to PHP, not the values for SSL_CLIENT_S_DN_OU_n (n being an integer value). PHP doesn't transmit transparently the value of the string parameter to Apache, but seems to "censor" any Apache variable name it seems not to know. Please reopen this bug report, change this behavior to enable the use of important and very helpful developments in Apache. ------------------------------------------------------------------------ [2007-11-06 01:00:01] php-bugs at lists dot php dot net No feedback was provided for this bug for over a week, so it is being suspended automatically. If you are able to provide the information that was originally requested, please do so and change the status of the bug back to "Open". ------------------------------------------------------------------------ [2007-10-29 14:40:35] [EMAIL PROTECTED] As this function only fetches stuff from the apache environment, it's not possible to be a PHP bug if these are not set in it. Have you tried to access those using getenv() instead? ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/42552 -- Edit this bug report at http://bugs.php.net/?id=42552&edit=1
