Bug 52616 - SSLUserName uses SSL_CLIENT_S_DN insted of SSL_CLIENT_S_DN_CN (or any x509)
Summary: SSLUserName uses SSL_CLIENT_S_DN insted of SSL_CLIENT_S_DN_CN (or any x509)
Status: REOPENED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ssl (show other bugs)
Version: 2.2.16
Hardware: PC Linux
: P2 enhancement (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-02-07 06:14 UTC by m-one
Modified: 2020-09-26 13:44 UTC (History)
1 user (show)



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description m-one 2012-02-07 06:14:59 UTC
I've trouble using SSL_CLIENT_S_DN_CN in SSLUserName with FakeBasicAuth.

My apache config:

<Location /repos>
    SSLOptions +FakeBasicAuth +StdEnvVars
    SSLUserName SSL_CLIENT_S_DN_CN
    AuthName "Restricted area"
    AuthType Basic
    AuthUserFile /etc/apache2/fakeauth.passwd
    require valid-user
</Location>

In this case SSL_CLIENT_S_DN_CN equals SSL_CLIENT_S_DN. I've used patch http://reki.ru/products/subversion/patch-server-ssl_engine_kernel.c which correct this behaviour to the right way.
Comment 1 Ruediger Pluem 2012-02-07 12:51:38 UTC
At best this is a missing feature as the documentation (http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslusername) clearly states that SSLUserName and FakeBasicAuth do not work in conjunction.
Comment 2 Graham Leggett 2013-01-12 11:28:18 UTC
Fixed in httpd-trunk r1432322, proposed for backport to v2.4.