Return-Path: Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 43078 invoked by uid 500); 7 Jul 2003 17:37:04 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 43058 invoked from network); 7 Jul 2003 17:37:02 -0000 Message-ID: <3F09AFBA.4060708@dolphtech.com> Date: Mon, 07 Jul 2003 13:36:58 -0400 From: "Mark W. Webb" Reply-To: mark@dolphtech.com Organization: Dolphin Technology User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0 X-Accept-Language: en-us, en MIME-Version: 1.0 To: dev@httpd.apache.org Subject: apache not passing cert chain to servlet or CGI Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-milter (http://www.amavis.org/) X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N I have been working on a site that enforces mutually authenticated SSL using apache 2.0.46. I have compiled it from source using the following commands passed to the ./configure script: ./configure --enable-so --enable-ssl --with-ssl=/usr/local/ssl /usr/local/ssl contains openssl version 0.9.7b which I compiled from source using the default build configuration. I have tried both servlets and cgi and all I can get is the user certificate, not the certificate chain. I have tried looking at the mod_ssl code, and cannot figure out why the +ExportCertData directive will only tell apache to forward on the user certificate, not the chain. Can anyone provide me with some direction as to how I can get apache to send the certificate chain to either a cgi or servlet. Thank you