GNU Mailman

SSL support broken: form posts hard coded to insecure URL

Bug #266201 reported by Graham Leggett on 2005-03-03

Affects		Status	Importance	Assigned to	Milestone
	GNU Mailman	New	Medium	Unassigned	GNU Mailman 2.1-stable

Bug Description

After configuring mailman to be accessible from within
a secure webserver (httpd v2.1.3, RHEL3), if the
"create" option is used, the insecure http:// complete
website URL is encoded into the page form, thus
bypassing the secure webserver.

All forms should submit to relative URLs, which will
ensure that the correct website prefix is used.

The FAQ implies that mailman can be run on a secure
webserver and everything should "just work", however
this does not seem to be the case.

[http://sourceforge.net/tracker/index.php?func=detail&aid=1155455&group_id=103&atid=100103]

Tags:

Revision history for this message

Tokio Kikuchi (tkikuchi) wrote on 2005-03-03:

Have you set
DEFAULT_URL_PATTERN = 'https://%s/mailman/'
in your mm_cfg.py ?
See 4.27 in mailman FAQ wizard:
http://www.python.org/cgi-bin/faqw-mm.py

Revision history for this message

Graham Leggett (minfrin) wrote on 2005-03-03:

No I have not - this was the problem.

Please could you add a section to the docs that points this
out about setting up SSL - it's way too easy to overlook a
tiny option such as this one.

In theory there is no need for mailman to post to an
absolute URL that I am aware of - is it possible to change
it to access relative URLs? This will make mailman
significantly easier to use on SSL sites.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.