rack: SSL Env vars can only be in Request.env

This reverts commit c702f76b271515e9c42dcb923d379fbfac4c83cd and turns it
into a documentation only fix. As it turns out, ENV should have never been
used at all, as the Rack docs say nothing about it *and* Passenger's
behaviour in 2.2.3 + 2.2.4 was completely broken and still is half-way broken
in 2.2.5 (but is OK with the Rack specs).

3 files changed, 8 insertions, 26 deletions

diff --git a/lib/puppet/network/http/rack/httphandler.rb b/lib/puppet/network/http/rack/httphandler.rb
index 31aa8371e..e14206850 100644
--- a/lib/puppet/network/http/rack/httphandler.rb
+++ b/lib/puppet/network/http/rack/httphandler.rb
@@ -12,23 +12,5 @@ class Puppet::Network::HTTP::RackHttpHandler
         raise NotImplementedError, "Your RackHttpHandler subclass is supposed to override service(request)"
     end
 
-    def ssl_client_header(request)
-        env_or_request_env(Puppet[:ssl_client_header], request)
-    end
-
-    def ssl_client_verify_header(request)
-        env_or_request_env(Puppet[:ssl_client_verify_header], request)
-    end
-
-    # Older Passenger versions passed all Environment vars in app(env),
-    # but since 2.2.3 they (some?) are really in ENV.
-    # Mongrel, etc. may also still use request.env.
-    def env_or_request_env(var, request)
-        if ENV.include?(var)
-            ENV[var]
-        else
-            request.env[var]
-        end
-    end
 end
 
diff --git a/lib/puppet/network/http/rack/rest.rb b/lib/puppet/network/http/rack/rest.rb
index bdca651d1..104751271 100644
--- a/lib/puppet/network/http/rack/rest.rb
+++ b/lib/puppet/network/http/rack/rest.rb
@@ -63,11 +63,11 @@ class Puppet::Network::HTTP::RackREST < Puppet::Network::HTTP::RackHttpHandler
         result[:ip] = request.ip
 
         # if we find SSL info in the headers, use them to get a hostname.
-        # try this with :ssl_client_header.
-        # For Apache you need special configuration, see ext/rack/README.
-        if dn = ssl_client_header(request) and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
+        # try this with :ssl_client_header, which defaults should work for
+        # Apache with StdEnvVars.
+        if dn = request.env[Puppet[:ssl_client_header]] and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
             result[:node] = dn_matchdata[1].to_str
-            result[:authenticated] = (ssl_client_verify_header(request) == 'SUCCESS')
+            result[:authenticated] = (request.env[Puppet[:ssl_client_verify_header]] == 'SUCCESS')
         else
             result[:node] = resolve_node(result)
             result[:authenticated] = false
diff --git a/lib/puppet/network/http/rack/xmlrpc.rb b/lib/puppet/network/http/rack/xmlrpc.rb
index 9d0f486bc..4fc9e82fc 100644
--- a/lib/puppet/network/http/rack/xmlrpc.rb
+++ b/lib/puppet/network/http/rack/xmlrpc.rb
@@ -43,11 +43,11 @@ class Puppet::Network::HTTP::RackXMLRPC < Puppet::Network::HTTP::RackHttpHandler
         ip = request.ip
 
         # if we find SSL info in the headers, use them to get a hostname.
-        # try this with :ssl_client_header.
-        # For Apache you need special configuration, see ext/rack/README.
-        if dn = ssl_client_header(request) and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
+        # try this with :ssl_client_header, which defaults should work for
+        # Apache with StdEnvVars.
+        if dn = request.env[Puppet[:ssl_client_header]] and dn_matchdata = dn.match(/^.*?CN\s*=\s*(.*)/)
             node = dn_matchdata[1].to_str
-            authenticated = (ssl_client_verify_header(request) == 'SUCCESS')
+            authenticated = (request.env[Puppet[:ssl_client_verify_header]] == 'SUCCESS')
         else
             begin
                 node = Resolv.getname(ip)