Package: libapache2-mod-auth-openid Version: 0.5-1 When running on an https enabled host, libapache2-mod-auth-openid identifies the host to the openid provider with the prefix http, rather than https. If I use AuthOpenIDTrustRoot to force it to use https, then I get an endless redirect between the consumer and the provider.
This problem was fixed upstream in 0.6. I've backported and tested the attached patch which fixes the problem.
--- mod_auth_openid.cpp.orig 2011-07-19 20:01:36.000000000 -0400
+++ mod_auth_openid.cpp 2011-07-19 20:02:04.000000000 -0400
@@ -47,9 +47,6 @@
typedef const char *(*CMD_HAND_TYPE) ();
-// determine if a connection is using https - only took 1000 years to figure this one out
-static APR_OPTIONAL_FN_TYPE(ssl_is_https) *using_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
-
static void *create_modauthopenid_config(apr_pool_t *p, char *s) {
modauthopenid_config *newcfg;
newcfg = (modauthopenid_config *) apr_pcalloc(p, sizeof(modauthopenid_config));
@@ -175,6 +172,8 @@
std::string hostname(r->hostname);
std::string uri(r->uri);
apr_port_t i_port = ap_get_server_port(r);
+ // determine if a connection is using https - only took 1000 years to figure this one out
+ static APR_OPTIONAL_FN_TYPE(ssl_is_https) *using_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
std::string prefix = (using_https != NULL && using_https(r->connection)) ? "https://"; : "http://";;
char *port = apr_psprintf(r->pool, "%lu", (unsigned long) i_port);
std::string s_port = (i_port == 80 || i_port == 443) ? "" : ":" + std::string(port);
signature.asc
Description: Digital signature
