httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marc Stern" <sternm...@hotmail.com>
Subject SSL_CLIENT_S_DN and proxy
Date Wed, 12 May 2004 11:09:03 GMT
When using Apache as a proxy:
  ( brower  --https-->  Apache + mod_proxy  --https-->  Web server )
the Web server never receives the user's certificate info, because only the
proxy is seen by the Web server. That means that all headers SSL_CLIENT_*
contain the proxy certificate info, not the user certificate info.

Is there a way to get the user's certificate info ?
Otherwise, I propose to add (at least) a header containing the client
Distinguish Name (something like SSL_REMOTE_CLIENT_S_DN ?).

This value should be passed without modification through all proxies.
As the client could spoof it, we also need a parameter to explicitely state
that we accept the given header; if not, we overwrite it.

Does this sound reasonable ?

Marc

Mime
View raw message