[mod_python] apache 2.0.54 and SSLUserName

Eric Jonas jonas at cortical.mit.edu
Tue May 24 17:18:05 EDT 2005


Hello! I've been using trac, a nice python integrated
bug-tracker/wiki/source browser, and recently an apt-get update/upgrade
broke SSLUserName on apache 2.0.54. I'm trying to figure out what the
problem might be. 

SSLUserName is used on apache to substitute some substring of a
certificate's full DN as the req.user username that is then used by
modules. For example, with the following in my config file:

        <Directory /soma/www/pytest>
                AddHandler mod_python .py
                PythonHandler mptest
                PythonDebug On
          SSLRequireSSL
          SSLVerifyClient require
          SSLVerifyDepth       5
          SSLUserName     SSL_CLIENT_S_DN_CN
          SSLOptions           +FakeBasicAuth
          AuthName             "Authentication"
          AuthType             Basic
          AuthUserFile         /foo/httpd.password
          require              valid-user
        </Directory>

And a test file, 


from mod_python import apache

import os
def handler(req):
    req.content_type = "text/plain"
    outstr = "USER IS %s" % req.user
    req.write(outstr)
    return apache.OK


I should get 
   USER IS Eric M Jonas

But instead get:

USER IS /C=US/ST=Massachusetts/O=Massachusetts Institute of
Technology/OU=Client CA v1/CN=Eric M Jonas/emailAddress=jonas at MIT.EDU

This is really unfortunate because the full /C=US(etc) string sucks from
a usability point of view, and I swear this was working in 2.0.52. Has
anyone else experienced this sort of problem? 


Thanks,
		...Eric


More information about the Mod_python mailing list