On Sat, Jul 17, 1999, Andrew Waegel wrote:
> I'm running into a problem with my perl scripts under mod_ssl - I get an
> error ('document contains no data' on Netscape Navigator v4.0 Mac, or
> 'security failure: a secure connection could not be established' on MSIE
> 4.5 Mac).
>
> The error only happns when Perl's Taint mode is turned on with -T on the
> first line of the script. Turn off taint mode, everyone's happy, mod_ssl is
> speedy and efficient.
>
> Taint mode works just fine on the non-ssl side of my site.
>
> I have a suspicion that this may have something to do with the http.conf
> file, but I can't seem to find anything there that might cause this
> behavior.
>
> It's probably not a huge problem for me, since I have exclusive access to
> my server, but it makes me nervous having to turn off security features
> like Taint mode without knowing why.
>
> Related info: redhat linux 5.2, pentium 400, apache 1.3.6, mod_perl 1.19,
> latest CGI.pm, mod_ssl-2.3.3/openssl1.3.6
Hmmm... you mean running the exact same scripts _with_ taining on under HTTP
works but not under HTTPS? I cannot believe this, because the whole Perl
tainting stuff is independent of SSL and I cannot image how this should
conflict. Instead I guess the mod_perl environment is exacly the same under
HTTP and HTTPS and perhaps this way it fails. The I/O errors seem to be caused
by the error messages from Perl, of course. But I think you've
to ask on [EMAIL PROTECTED] for more hints.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
