Re: svn commit: r220307 - in /httpd/httpd/trunk/modules: metadata/mod_setenvif.c ssl/mod_ssl.c ssl/mod_ssl.h ssl/ssl_expr_eval.c

Tue, 16 Aug 2005 10:37:31 -0700 

On Tue, Aug 16, 2005 at 04:45:41PM +0100, David Reid wrote:
> Joe Orton wrote:
> > On Mon, Aug 15, 2005 at 02:36:18PM +0100, Joe Orton wrote:
> > 
> >>I just went to write a test case for the SetEnvIf function, and there 
> >>seems to be a rather annoying fundamental problem: the match_headers 
> >>hooks runs too early to be useful for this when doing per-dir client 
> >>cert negotiation.
> > 
> > 
> > I can't see any simple way round this, and I don't think this feature 
> > should go in 2.2 unless this can be solved.  Any ideas?
> 
> I've not looked at it in detail, so would have to dig through the code.
> Care to post your test case?

Well, try testing it in any configuration with "SSLVerifyClient require" 
in Directory or Location context rather than in the vhost context.

httpd-test test case:

mkdir t/htdocs/modules/setenvif/ssl

+ applying

Index: t/conf/extra.conf.in
===================================================================
--- t/conf/extra.conf.in        (revision 231019)
+++ t/conf/extra.conf.in        (working copy)
@@ -358,6 +358,11 @@
         Options +Includes
         AllowOverride All
     </Directory>
+
+    <Directory @SERVERROOT@/htdocs/modules/setenvif/ssl>
+        Options +Includes
+        AllowOverride All
+    </Directory>
 </IfModule>
 
 ##
Index: t/htdocs/modules/setenvif/ssl/.htaccess
===================================================================
--- t/htdocs/modules/setenvif/ssl/.htaccess     (revision 0)
+++ t/htdocs/modules/setenvif/ssl/.htaccess     (revision 0)
@@ -0,0 +1 @@
+SetEnvIf SSL_PeerExtList("2.16.840.1.113730.1.13") "(.*)" NETSCAPE_COMMENT=$1

Property changes on: t/htdocs/modules/setenvif/ssl/.htaccess
___________________________________________________________________
Name: svn:eol-style
   + native

Index: t/htdocs/modules/setenvif/ssl/peerextlist.shtml
===================================================================
--- t/htdocs/modules/setenvif/ssl/peerextlist.shtml     (revision 0)
+++ t/htdocs/modules/setenvif/ssl/peerextlist.shtml     (revision 0)
@@ -0,0 +1 @@
+0:<!--#echo var="NETSCAPE_COMMENT"-->

Property changes on: t/htdocs/modules/setenvif/ssl/peerextlist.shtml
___________________________________________________________________
Name: svn:eol-style
   + native

Index: t/ssl/setenvif.t
===================================================================
--- t/ssl/setenvif.t    (revision 0)
+++ t/ssl/setenvif.t    (revision 0)
@@ -0,0 +1,21 @@
+use strict;
+use warnings FATAL => 'all';
+
+use Apache::Test;
+use Apache::TestRequest;
+use Apache::TestUtil;
+
+plan tests => 2, need 'setenvif', need_min_apache_version("2.1.6");
+
+Apache::TestRequest::scheme("https");
+
+my $r = GET("/require/asf/modules/setenvif/ssl/peerextlist.shtml", cert => 
'client_ok');
+
+ok t_cmp($r->code, 200, "fetched page works");
+
+my $c = $r->content;
+
+chomp $c;
+
+ok t_cmp($c, "0:This Is A Comment", "Retrieve nsComment extension");
+

Reply via email to