Bugs item #1155455, was opened at 2005-03-03 00:09 Message generated for change (Comment added) made by minfrin You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1155455&group_id=103 Category: security/privacy Group: 2.1 (stable) Status: Open Resolution: None Priority: 5 Submitted By: Graham Leggett (minfrin) Assigned to: Nobody/Anonymous (nobody) Summary: SSL support broken: form posts hard coded to insecure URL Initial Comment: After configuring mailman to be accessible from within a secure webserver (httpd v2.1.3, RHEL3), if the "create" option is used, the insecure http:// complete website URL is encoded into the page form, thus bypassing the secure webserver. All forms should submit to relative URLs, which will ensure that the correct website prefix is used. The FAQ implies that mailman can be run on a secure webserver and everything should "just work", however this does not seem to be the case. ----------------------------------------------------------------------
Comment By: Graham Leggett (minfrin) Date: 2005-03-03 01:00
Message: Logged In: YES user_id=129704 No I have not - this was the problem. Please could you add a section to the docs that points this out about setting up SSL - it's way too easy to overlook a tiny option such as this one. In theory there is no need for mailman to post to an absolute URL that I am aware of - is it possible to change it to access relative URLs? This will make mailman significantly easier to use on SSL sites. ---------------------------------------------------------------------- Comment By: Tokio Kikuchi (tkikuchi) Date: 2005-03-03 00:48 Message: Logged In: YES user_id=67709 Have you set DEFAULT_URL_PATTERN = 'https://%s/mailman/' in your mm_cfg.py ? See 4.27 in mailman FAQ wizard: http://www.python.org/cgi-bin/faqw-mm.py ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1155455&group_id=103