[mod_python] mod-gnutls 'SSL_SRP_USER' and ModPython

Graham Dumpleton graham.dumpleton at gmail.com
Sun Jul 27 02:36:40 EDT 2008 

Haven't mod_python code in front of me right now, but I suspect that
if SSL_SRP_USER is being set to None, it is because in the underlying
request_rec->subprocess_env in Apache C code, the value is referencing
a null pointer rather than a valid string value. You would need to ask
the module developers for the code that sets that variable in the
first place why it is a null pointer and not an actual string value,
even if it is an empty string value.

Also, the traceback suggests code:

  os.environ.update(req.subprocess_env)

is being executed. Again, don't have code to hand to look at, but me
thinks that means you are running mod_python.cgihandler. If that is
the case, I would really recommend you don't as the CGI handler in
mod_python is quite a hack and shouldn't be used for any serious
stuff. These days I'd suggest you port your CGI applications to use
WSGI instead thereby not relying on os.environ as means of being
passed request information in the first place.

Graham

2008/7/26 Ambrose Andrews <ambrose-bulk at vrvl.net>:
> [ N.B.  i sent an identical message to the mod_gnutls list, and send it
> here too now since its an issue of interaction and i don't know
> precisely where the problem lies.  -AA. ]
>
> Hi...
>
> I run Debian 'Lenny' testing with:
> Apache2 v 2.2.9
> Mod-Python v 3.3.1
> Mod-GnuTLS v 0.5.1
>
> I've struck some mod-gnutls specific trouble in interaction with
> modpython - see this traceback:
>
> """
> MOD_PYTHON ERROR
>
> ProcessId:      15879
> Interpreter:    'CRYPTO'
>
> ServerName:     'www.pathogens.vrvl.net'
> DocumentRoot:   '/var/www/SSL_www.zed.vrvl.net/'
>
> URI:            '/'
> Location:       '/'
> Directory:      None
> Filename:       '/var/www/SSL_www.zed.vrvl.net/'
> PathInfo:       ''
>
> Phase:          'PythonHandler'
> Handler:        'django.core.handlers.modpython'
>
> Traceback (most recent call last):
>
>  File "/usr/lib/python2.5/site-packages/mod_python/importer.py", line
> 1537, in HandlerDispatch
>    default=default_handler, arg=req, silent=hlist.silent)
>
>  File "/usr/lib/python2.5/site-packages/mod_python/importer.py", line
> 1229, in _process_target
>    result = _execute_target(config, req, object, arg)
>
>  File "/usr/lib/python2.5/site-packages/mod_python/importer.py", line
> 1128, in _execute_target
>    result = object(arg)
>
>  File "/var/lib/python-support/python2.5/django/core/handlers/modpython.py",
> line 177, in handler
>    return ModPythonHandler()(req)
>
>  File "/var/lib/python-support/python2.5/django/core/handlers/modpython.py",
> line 137, in __call__
>    os.environ.update(req.subprocess_env)
>
>  File "/usr/lib/python2.5/os.py", line 489, in update
>    self[k] = dict[k]
>
>  File "/usr/lib/python2.5/os.py", line 474, in __setitem__
>    putenv(key, item)
>
> TypeError: putenv() argument 2 must be string, not None
> """
>
> So to investigate, from inside a modpython script I get this output
> for str(req.subprocess_env):
>
> {
> 'SCRIPT_NAME': '/',
>  'REQUEST_URI': '/',
>  'QUERY_STRING': '',
>  'REQUEST_METHOD': 'GET',
>  'SERVER_PROTOCOL': 'HTTP/1.1',
>  'GATEWAY_INTERFACE': 'CGI/1.1',
>  'SSL_SERVER_S_AN1': 'UNSUPPORTED',
>  'SSL_SERVER_S_AN0': 'DNSNAME:*.pathogens.vrvl.net',
>  'SSL_SERVER_A_KEY': 'RSA',
>  'SSL_SERVER_A_SIG': 'RSA-SHA',
>  'SSL_SERVER_V_START': 'Jul 21 10:36:39 2008 EST',
> 'SSL_SERVER_V_END': 'Jul 21 10:36:39 2010 EST',
> 'SSL_SERVER_CERT_TYPE': 'X.509',
>  'SSL_SERVER_M_VERSION': '3',
>  'SSL_SERVER_M_SERIAL': '5B8F',
>  'SSL_SERVER_I_DN': 'O=CAcert Inc.,OU=http://www.CAcert.org,CN=CAcert
> Class 3 Root',
>  'SSL_SERVER_S_DN': 'CN=*.pathogens.zed.vrvl.net',
>  'SSL_SESSION_ID':
> '2352784F1DDE3AA3687B3ED53D6C7055CBC3BA2F80B13B58760B9C33B9413EA2',
> 'SSL_CIPHER_EXPORT': 'false',
> 'SSL_CIPHER_ALGKEYSIZE': '256',
> 'SSL_CIPHER_USEKEYSIZE': '256',
>  'SSL_CLIENT_VERIFY': 'NONE',
>  'SSL_SRP_USER': None,
>  'SSL_COMPRESS_METHOD': 'NULL',
>  'SSL_CIPHER': 'DHE_RSA_AES_256_CBC_SHA1',
> 'SSL_PROTOCOL': 'SSL3.0',
> 'SSL_VERSION_INTERFACE': 'mod_gnutls/0.5.1',
> 'SSL_VERSION_LIBRARY': 'GnuTLS/2.2.1',
> 'HTTPS': 'on'
> }
>
> and was offered the following observation in the Django irc channel:
>
> """
> 19:47 < Magus-> aha
> 19:47 < Magus-> SSL_SRP_USER is being set wrong
> 19:48 < Magus-> it is None instead of a string like "NONE" like
> SSL_CLIENT_VERIFY is set to
> 19:48 < Magus-> since you can't update environ with None as an env var value
> 19:51 < Magus-> its probably an issue in the module though, unless its
> the modpython handler replacing None with 'NONE' on the other bits
>
> """
>
> So I don't know if the problem is modpython not dealing with an exotic
> environment variable it doesn't get from mod-ssl or whether it is a
> mod-gnutls inconsistency.  Anyone know?
>
>
>  -AA.
>
>
>
> --
> Ambrose Andrews
> LPO box 8274 ANU Acton ACT 0200 Australia
> http://www.vrvl.net/~ambrose/
> mailto:ambrose at vrvl.net
> home:+61_262305976
> work:+61_261256749
> mobile:+61_415544621
> irc:{undernet|freenode|oftc}:znalo
> xmpp:ambrose at jabber.fsfe.org
> sip:znalo at ekiga.net
> CE38 8B79 C0A7 DF4A 4F54 E352 2647 19A1 DB3B F823
> 556A 6D19 0904 827C 9DB8 3697 32D0 1E11 403F 2BE1
> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://mailman.modpython.org/mailman/listinfo/mod_python
>

More information about the Mod_python mailing list