[mod_python] Re: reading mod_ssl variables from mod_python

Graham Dumpleton grahamd at dscpl.com.au
Wed Feb 15 18:37:36 EST 2006 

Deron Meranda wrote ..
> 
> I'm not sure what your _mp_mod_ssl module is (perhaps you said
> off this list?).  I'm assuming it's a wrapper of sorts around my ssl
> patches in MODPYTHON-94.

The _mp_mod_ssl module existed long before your suggested patch.
It was a proof of concept to show that the sort of SSL stuff could be
done without even needing to modify mod_python.

I refered you to it when you first talked about your patches:

  http://www.modpython.org/pipermail/mod_python/2005-November/019609.html

I take it you must not have looked at it. :-(

Graham

> Please keep in mind though that if you're using my patch as it was
> attached in issue http://issues.apache.org/jira/browse/MODPYTHON-94
> that we have since decided to rename the function ssl_var() to
> be ssl_var_lookup() .   Just so you won't be surprised when it finally
> makes it into a release.
>
> > On 16/02/2006, at 6:10 AM, Tomasz Wlodek wrote:
> > > def authenhandler(req):
> > >     req.add_common_vars()
> > >     name='SSL_CLIENT_S_DN'
> 
> Make sure that your apache mod_ssl SSLOptions directive has
> the ExportCertData option enabled.
> 
> > >     is_https = _mp_mod_ssl.is_https(req)
> > >     if is_https!=1:
> 
> Drop the "!=1" part.  This may become a boolean True/False
> at some point.
> 
> > >         return apache.HTTP_FORBIDDEN
> > >     else:
> > >         lookup = _mp_mod_ssl.var_lookup(req,name)
> > >         req.write(lookup)
> > >         return apache.OK
> 
> 
> > > The problem is that the code does not seem to be stable: sometimes
> it
> > > returns correctly my DN. Sometimes it fails on the lookup =
> > > _mp_mod_ssl.var_lookup(req,name) line.
> 
> > > [Wed Feb 15 14:00:13 2006] [error] (13)Permission denied: Cannot open
> > > SSLSessionCache DBM file `/var/cache/mod_ssl/scache' for scanning
> 
> Hmm.  This apache error would seem to be somewhat important.
> Can you try using a different SSL cache type (the mod_ssl
> SSLSessionCache directive).
> 
> Also check on your SSLMutex option.  What you set it too may depend
> on the type of apache MPM you're using.
> 
> Also you should try to determine why the permission denied errors
> are occuring in the first place.  Are you perhaps running under
> SELinux or something?
> 
> --
> Deron Meranda
> 
> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://mailman.modpython.org/mailman/listinfo/mod_python

More information about the Mod_python mailing list