httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mathihalli, Madhusudan" <mad...@hp.com>
Subject RE: SSL_CLIENT_S_DN and proxy
Date Fri, 14 May 2004 16:13:18 GMT

>-----Original Message-----
>From: Marc Stern [mailto:sternmarc@hotmail.com] 
>Sent: Wednesday, May 12, 2004 11:35 PM
>To: dev@httpd.apache.org
>Subject: Re: SSL_CLIENT_S_DN and proxy
>
>
>>From what I understand - and it seems confirmed by the test I 
>made - the header is modified (created) before Apache 
>populates the value. I tried with the header HTTP_HOST 
>"RequestHeader set X-HOST %{HTTP_HOST}e)", and the header is 
>created, but empty.
>
>Is the same feature available, but at the end of the treatment ?
>

That is correct - I had a similar requirement from a customer some time
back. 
The current method (using SSLOptions +StdEnvVars and RequestHeader)
suffers from 2 drawbacks:
1. (the one you pointed out)
2. With "SSLOptions +StdEnvVars" set, the performance degrades by almost
20%.

To get around the problem, I used a optional function from mod_ssl
(ssl_getenv) to get the variable values, and invoke it from mod_headers
if/when it's available - this fixes both (1) and (2).

I'll post the patch shortly - and if people don't see any issues, I can
submit it to the CVS also.

-Madhu

Mime
View raw message