|
Deron Meranda
deron.meranda at gmail.com
Wed Feb 15 17:11:39 EST 2006
Tomasz, I'm not sure what your _mp_mod_ssl module is (perhaps you said off this list?). I'm assuming it's a wrapper of sorts around my ssl patches in MODPYTHON-94. Please keep in mind though that if you're using my patch as it was attached in issue http://issues.apache.org/jira/browse/MODPYTHON-94 that we have since decided to rename the function ssl_var() to be ssl_var_lookup() . Just so you won't be surprised when it finally makes it into a release. > On 16/02/2006, at 6:10 AM, Tomasz Wlodek wrote: > > def authenhandler(req): > > req.add_common_vars() > > name='SSL_CLIENT_S_DN' Make sure that your apache mod_ssl SSLOptions directive has the ExportCertData option enabled. > > is_https = _mp_mod_ssl.is_https(req) > > if is_https!=1: Drop the "!=1" part. This may become a boolean True/False at some point. > > return apache.HTTP_FORBIDDEN > > else: > > lookup = _mp_mod_ssl.var_lookup(req,name) > > req.write(lookup) > > return apache.OK > > The problem is that the code does not seem to be stable: sometimes it > > returns correctly my DN. Sometimes it fails on the lookup = > > _mp_mod_ssl.var_lookup(req,name) line. > > [Wed Feb 15 14:00:13 2006] [error] (13)Permission denied: Cannot open > > SSLSessionCache DBM file `/var/cache/mod_ssl/scache' for scanning Hmm. This apache error would seem to be somewhat important. Can you try using a different SSL cache type (the mod_ssl SSLSessionCache directive). Also check on your SSLMutex option. What you set it too may depend on the type of apache MPM you're using. Also you should try to determine why the permission denied errors are occuring in the first place. Are you perhaps running under SELinux or something? -- Deron Meranda
|