The mailing list for listmasters using Sympa

[address@concealed]

Riccardo Veraldi wrote:

Hello,
I am not able to do an authentication with certificates.
I installed certificate on the sympa server, and also the CA certificate.
I have a personal certificate released by the same CA.

in the ssl configuration I put

ScriptAlias /sympa  /usr/local/sympa/cgi-bin/wwsympa-wrapper

<Location /sympa>
  SSLOptions +StdEnvVars
  SetHandler fastcgi-script
</Location>

The browser asks me the password when I connect thru https
but then the normal login page is displayed and I Am not authenticated.

from the log files I have seen nothing of strange...
anyone has some hints ?

Does the certificat include a email ?
You should install pa cgi that show your certificat attributes as they are computed by mod_ssl (see the end of this mail I add some perl that do it )

SSL_CLIENT_S_EMAIL or SSL_CLIENT_S_DN_Email must be present. I search the code in wwsympa source, I see that SubjectAlternativeName (SSL_CLIENT_S_EMAIL) need a patch to mod_ssl (this was a comment from address@concealed)

#!/usr/bin/perl
print "Content-type: text/plain\n\n";
foreach $var (sort(keys(%ENV))) {
    $val = $ENV{$var};
    $val =~ s|\n|\\n|g;
    $val =~ s|"|\\"|g;
    print "${var}=\"${val}\"\n";
}

Serge Aumont