[mod_python] Re: reading mod_ssl variables from mod_python

Graham Dumpleton grahamd at dscpl.com.au
Wed Feb 15 16:32:58 EST 2006 

Please keep stuff on the mailing list. I have resent this to the list  
and
when I have a chance to look properly will respond.

On 16/02/2006, at 6:10 AM, Tomasz Wlodek wrote:

> Hi,
>
> few weeks ago you gave me a patch which was intended to allow me to  
> read
> mod_ssl variables from mod_python authentication handler.
>
> I installed it on my site, compiled (no errors nor warnings) and  
> converted
> to python module. Then I inserted it in mod_python authentication  
> handler:
>
> from mod_python import apache
> import _mp_mod_ssl
> import os
>
> def authenhandler(req):
>     req.add_common_vars()
>     name='SSL_CLIENT_S_DN'
>     is_https = _mp_mod_ssl.is_https(req)
>     if is_https!=1:
>         return apache.HTTP_FORBIDDEN
>     else:
>         lookup = _mp_mod_ssl.var_lookup(req,name)
>         req.write(lookup)
>         return apache.OK
>
> The code is supposed to check whether the use presented a  
> certificate, if
> yes let him in. Otherwise reject him.
>
> The problem is that the code does not seem to be stable: sometimes it
> returns correctly my DN. Sometimes it fails on the lookup =
> _mp_mod_ssl.var_lookup(req,name) line. If I do some innocent code
> rearrangement it is enough to make the code fail. I see no apparent  
> reason
> why sometimes it fails and sometimes works.
>
> The apache error log says only:
>
> [Wed Feb 15 13:59:18 2006] [notice] child pid 14273 exit signal  
> Aborted
> (6)
> [Wed Feb 15 14:00:13 2006] [error] (13)Permission denied: Cannot open
> SSLSessionCache DBM file `/var/cache/mod_ssl/scache' for scanning
> [Wed Feb 15 14:00:13 2006] [error] (13)Permission denied: Cannot open
> SSLSessionCache DBM file `/var/cache/mod_ssl/scache' for reading  
> (fetch)
> [Wed Feb 15 14:00:15 2006] [notice] mod_python: (Re)importing module
> 'myhandler'
> *** glibc detected *** free(): invalid next size (fast): 0x083e0a90  
> ***
> [Wed Feb 15 14:00:15 2006] [notice] child pid 13342 exit signal  
> Aborted
> (6)
>
> Is there a simple way to debug the code?
>
> Another question: In the example above I get the value of variable
> SSL_CLIENT_S_DN (user DN). It sometimes reads the DN correctly and
> sometimes not. But when I try to read the variable SSL_CLIENT_CERT  
> (user
> certificate) the code always fails. Any idea what could be wrong?
>
> Tomasz Wlodek                        | tel 631-344-7448
> Brookhaven Laboratory, Building 510M | fax 631-344-7616
> Upton NY 11973-5000                  |

More information about the Mod_python mailing list