[mod_python] Re: reading mod_ssl variables from mod_python

Deron Meranda deron.meranda at gmail.com
Wed Feb 15 17:11:39 EST 2006


I'm not sure what your _mp_mod_ssl module is (perhaps you said
off this list?).  I'm assuming it's a wrapper of sorts around my ssl
patches in MODPYTHON-94.

Please keep in mind though that if you're using my patch as it was
attached in issue http://issues.apache.org/jira/browse/MODPYTHON-94
that we have since decided to rename the function ssl_var() to
be ssl_var_lookup() .   Just so you won't be surprised when it finally
makes it into a release.

> On 16/02/2006, at 6:10 AM, Tomasz Wlodek wrote:
> > def authenhandler(req):
> >     req.add_common_vars()
> >     name='SSL_CLIENT_S_DN'

Make sure that your apache mod_ssl SSLOptions directive has
the ExportCertData option enabled.

> >     is_https = _mp_mod_ssl.is_https(req)
> >     if is_https!=1:

Drop the "!=1" part.  This may become a boolean True/False
at some point.

> >         return apache.HTTP_FORBIDDEN
> >     else:
> >         lookup = _mp_mod_ssl.var_lookup(req,name)
> >         req.write(lookup)
> >         return apache.OK

> > The problem is that the code does not seem to be stable: sometimes it
> > returns correctly my DN. Sometimes it fails on the lookup =
> > _mp_mod_ssl.var_lookup(req,name) line.

> > [Wed Feb 15 14:00:13 2006] [error] (13)Permission denied: Cannot open
> > SSLSessionCache DBM file `/var/cache/mod_ssl/scache' for scanning

Hmm.  This apache error would seem to be somewhat important.
Can you try using a different SSL cache type (the mod_ssl
SSLSessionCache directive).

Also check on your SSLMutex option.  What you set it too may depend
on the type of apache MPM you're using.

Also you should try to determine why the permission denied errors
are occuring in the first place.  Are you perhaps running under
SELinux or something?

Deron Meranda

More information about the Mod_python mailing list