
Re: [sympa-users] problem authentication with certificates

Subject: The mailing list for listmasters using Sympa

  • From: Olivier Salaün - CRU <address@concealed>
  • To: Riccardo Veraldi <address@concealed>
  • Cc: address@concealed
  • Subject: Re: [sympa-users] problem authentication with certificates
  • Date: Mon, 02 Oct 2006 13:19:25 +0200

Riccardo,

Maybe you should have a look at this patch, provided by M. Massar (univ Kaiserslautern) and integrated in Sympa's CVS development branch: http://sourcesup.cru.fr/cgi/viewcvs.cgi/sympa/wwsympa/wwsympa.fcgi?r1=1.661&r2=1.662

The description of the patch:
Sympa is now able to get the Email in SubjAltName.
As I was not able to find the mentioned patch to mod_ssl to get SSL_CLIENT_S_EMAIL exported, I wrote another patch based on SSL_CLIENT_CERT from "SSLOptions +ExportCertData"

Riccardo Veraldi wrote:
Seems the variables are ok but SSL_CLIENT_S_EMAIL is not present...
[...]

address@concealed wrote:
Riccardo Veraldi wrote:

Hello,
I am not able to do an authentication with certificates.
I installed a certificate on the Sympa server, and also the CA certificate.
I have a personal certificate released by the same CA.

In the SSL configuration I put

ScriptAlias /sympa  /usr/local/sympa/cgi-bin/wwsympa-wrapper

<Location /sympa>
  SSLOptions +StdEnvVars
  SetHandler fastcgi-script
</Location>

The browser asks me for the password when I connect through https
but then the normal login page is displayed and I am not authenticated.

From the log files I have seen nothing strange...
Does anyone have some hints?

Does the certificate include an email?
You should install a CGI that shows your certificate attributes as they are computed by mod_ssl (see the end of this mail, where I add some Perl that does it).

SSL_CLIENT_S_EMAIL or SSL_CLIENT_S_DN_Email must be present. I searched the code in the wwsympa source; I see that SubjectAlternativeName (SSL_CLIENT_S_EMAIL) needs a patch to mod_ssl (this was a comment from address@concealed)

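#!/usr/bin/perl
# Debug CGI: print every environment variable the web server passes in,
# including the SSL_CLIENT_* variables computed by mod_ssl.
use strict;
use warnings;

print "Content-type: text/plain\n\n";
foreach my $var (sort keys %ENV) {
    my $val = $ENV{$var};
    $val =~ s|\n|\\n|g;    # keep multi-line values (e.g. PEM data) on one line
    $val =~ s|"|\\"|g;     # escape embedded double quotes
    print "${var}=\"${val}\"\n";
}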

Serge Aumont
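
The approach named in the patch description above (taking the e-mail address from SSL_CLIENT_CERT, which mod_ssl exports under "SSLOptions +ExportCertData"), as an added example that is not part of this thread and is not Sympa's code. The function names cert_emails and authenticated_email are hypothetical, the openssl command-line tool is assumed to be on PATH, and refusing a certificate that carries several addresses is this example's own policy.

```perl
#!/usr/bin/perl
# Added example (not Sympa code). cert_emails and authenticated_email are
# hypothetical names; the openssl command-line tool is assumed to be on PATH.
use strict;
use warnings;
use IPC::Open2;

# All e-mail addresses in a PEM certificate: subject emailAddress plus
# subjectAltName rfc822Name entries, as printed by "openssl x509 -email".
sub cert_emails {
    my ($pem) = @_;
    return () unless defined $pem && $pem =~ /-----BEGIN CERTIFICATE-----/;
    my $pid = open2(my $out, my $in, 'openssl', 'x509', '-noout', '-email');
    print {$in} $pem;
    close $in;
    chomp(my @emails = <$out>);
    waitpid $pid, 0;
    return () if $? != 0;    # openssl could not parse the certificate
    return grep { /\S/ } @emails;
}

# Identity to hand to the application, or undef. %env is the CGI environment.
sub authenticated_email {
    my (%env) = @_;
    # Only accept a certificate that mod_ssl verified against the CA.
    return unless ($env{SSL_CLIENT_VERIFY} // '') eq 'SUCCESS';
    # Prefer the address mod_ssl already exported from the subject DN.
    return lc $env{SSL_CLIENT_S_DN_Email} if $env{SSL_CLIENT_S_DN_Email};
    # Otherwise fall back to the exported certificate (+ExportCertData).
    my @emails = cert_emails($env{SSL_CLIENT_CERT});
    # Assumption of this example: refuse a certificate with several addresses.
    return @emails == 1 ? lc $emails[0] : undef;
}

unless (caller) {
    # Constructed sample: a throwaway self-signed certificate whose only
    # e-mail address is in subjectAltName (-addext needs OpenSSL 1.1.1+).
    my $cmd = 'openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null '
            . '-subj "/CN=Test User" '
            . '-addext "subjectAltName=email:user@example.org" 2>/dev/null';
    my $pem = qx{$cmd};
    my %env = (SSL_CLIENT_VERIFY => 'SUCCESS', SSL_CLIENT_CERT => $pem);
    printf "verified:   %s\n", authenticated_email(%env) // '(none)';
    $env{SSL_CLIENT_VERIFY} = 'NONE';    # certificate presented but not verified
    printf "unverified: %s\n", authenticated_email(%env) // '(none)';
}
```

Inside a CGI the call would be authenticated_email(%ENV), with the Location block carrying both +StdEnvVars and +ExportCertData.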