[BugDB] "require" field via FakeBasicAuth broken on indexes (PR#708)

Full_Name: Jason Haar
Version: 2.8.4 through 2.8.8
OS: Linux
Submission from: (NULL) (203.96.111.202)


I've got SSL certs and FakeBasicAuth 99.9% working well.

e.g.

With a valid client cert and that DN put into a DB file, I can view
https://domain/dir/test.php, and I've written that to show me SSL_CLIENT_CN,etc
- all fine

If I remove that DN from the DB file, then I get access denied - all fine

If I revoke the cert I get "your cert has been revoked" (except under IE that
reports "the server cert has been revoked - this site should not be trusted" -
GAHHH!! I think that's an IE bug - Mozilla does it right.

However, that's an aside.

If I have a valid cert and can view https://domain/dir/test.php correctly, then
try to go to https://domain/dir/, I get "access denied".

If I remove the "require valid-user" line, https://domain/dir/ starts
working...

No error of any description is reported in error_log of ssl_engine_log, but
access_log shows the 403.

It looks like there's an ordering problem there somewhere. I've whacked in
"Options All","AllowOverride All" to no avail. That dir works fine under http
and https as long as there's no require statement.

Any ideas?

Thanks

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org