Subject: pkg/17468: apache's suexec program is not modssl friendly....
To: None <gnats-bugs@gnats.netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: netbsd-bugs
Date: 07/03/2002 14:46:56
>Number:         17468
>Category:       pkg
>Synopsis:       apache's suexec program is not modssl friendly....
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Wed Jul 03 11:48:00 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Greg A. Woods
>Release:        pkgsrc-2002/07/02
>Organization:
Planix, Inc.; Toronto, Ontario; Canada
>Environment:
System: NetBSD
>Description:

	The suexec program included with Apache is not modssl friendly
	w.r.t. the environment variables it hands over to CGI programs.

	This fix should probably be submitted to the Apache developers,
	but I've not done that (and there doesn't seem to be a proper
	bug-reporting e-mail address to CC this report to...).

>How-To-Repeat:

	Try debugging CGIs and their environment while using SSL connections.

>Fix:

	Add the following patch to the www/apache pkgsrc module
	(this list of environment variables may not be 100% up-to-date,
	but it's still working reasonably with 1.3.26):

#ident "@(#)$NetBSD$"

--- src/support/suexec.c.orig	Thu Mar  8 13:11:43 2001
+++ src/support/suexec.c	Wed Aug 15 17:58:31 2001
@@ -137,9 +137,16 @@
     "DOCUMENT_URI",
     "FILEPATH_INFO",
     "GATEWAY_INTERFACE",
+    "HTTPS",
+    "HTTP_ACCEPT",
+    "HTTP_ACCEPT_CHARSET",
+    "HTTP_CONNECTION",
+    "HTTP_HOST",
+    "HTTP_USER_AGENT",
     "LAST_MODIFIED",
     "PATH_INFO",
     "PATH_TRANSLATED",
+    "PYTHONPATH",
     "QUERY_STRING",
     "QUERY_STRING_UNESCAPED",
     "REMOTE_ADDR",
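Review bot: The added "PYTHONPATH" entry, between "PATH_TRANSLATED" and "QUERY_STRING", is different in kind from the CGI and request variables around it: it sets a Python interpreter's module search path, so putting it on the safe list lets whatever environment reaches suexec decide which modules a Python CGI loads while running as the target user. It is also unrelated to the mod_ssl purpose given in the report. I would drop it from this patch, or split it into its own change with a comment explaining why it is safe to pass through. The five "HTTP_*" names are a fixed subset of request headers; a short comment saying why these and not others would help whoever maintains the list later.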
@@ -156,12 +163,44 @@
     "SCRIPT_NAME",
     "SCRIPT_URI",
     "SCRIPT_URL",
+    "SERVER_ADDR",
     "SERVER_ADMIN",
     "SERVER_NAME",
-    "SERVER_ADDR",
     "SERVER_PORT",
     "SERVER_PROTOCOL",
+    "SERVER_SIGNATURE",
     "SERVER_SOFTWARE",
+    "SSL_CIPHER",
+    "SSL_CIPHER_ALGKEYSIZE",
+    "SSL_CIPHER_EXPORT",
+    "SSL_CIPHER_USEKEYSIZE",
+    "SSL_CLIENT_VERIFY",
+    "SSL_PROTOCOL",
+    "SSL_SERVER_A_KEY",
+    "SSL_SERVER_A_SIG",
+    "SSL_SERVER_I_DN",
+    "SSL_SERVER_I_DN_C",
+    "SSL_SERVER_I_DN_CN",
+    "SSL_SERVER_I_DN_Email",
+    "SSL_SERVER_I_DN_L",
+    "SSL_SERVER_I_DN_O",
+    "SSL_SERVER_I_DN_OU",
+    "SSL_SERVER_I_DN_ST",
+    "SSL_SERVER_M_SERIAL",
+    "SSL_SERVER_M_VERSION",
+    "SSL_SERVER_S_DN",
+    "SSL_SERVER_S_DN_C",
+    "SSL_SERVER_S_DN_CN",
+    "SSL_SERVER_S_DN_Email",
+    "SSL_SERVER_S_DN_L",
+    "SSL_SERVER_S_DN_O",
+    "SSL_SERVER_S_DN_OU",
+    "SSL_SERVER_S_DN_ST",
+    "SSL_SERVER_V_END",
+    "SSL_SERVER_V_START",
+    "SSL_SESSION_ID",
+    "SSL_VERSION_INTERFACE",
+    "SSL_VERSION_LIBRARY",
     "UNIQUE_ID",
     "USER_NAME",
     "TZ",
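Review bot: In the SSL block, "SSL_CLIENT_VERIFY" is the only client-side variable passed; no "SSL_CLIENT_S_DN*", "SSL_CLIENT_I_DN*" or other "SSL_CLIENT_*" names are listed, so a CGI can see whether a client certificate verified but not whose certificate it was. Either add the client certificate variables the CGIs need or say in a comment that they are left out on purpose. "SSL_SESSION_ID" deserves the same kind of comment, since it hands a session identifier to every CGI run through the wrapper. The "SERVER_ADDR" move is only a re-sort; mention it in the patch description so it is not mistaken for a functional change.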
>Release-Note:
>Audit-Trail:
>Unformatted: