Return-Path: 
 <dev-return-42287-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-dev-archive@www.apache.org
Received: (qmail 84607 invoked from network); 13 May 2004 06:34:27 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur-2.apache.org with SMTP; 13 May 2004 06:34:27 -0000
Received: (qmail 68643 invoked by uid 500); 13 May 2004 06:34:53 -0000
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 68571 invoked by uid 500); 13 May 2004 06:34:53 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
list-post: <mailto:dev@httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 68548 invoked by uid 98); 13 May 2004 06:34:53 -0000
Received: from sternmarc@hotmail.com by hermes.apache.org by uid 82 with
 qmail-scanner-1.20
 (clamuko: 0.70.  Clear:RC:0(64.4.35.197):.
 Processed in 0.012972 secs); 13 May 2004 06:34:53 -0000
X-Qmail-Scanner-Mail-From: sternmarc@hotmail.com via hermes.apache.org
X-Qmail-Scanner: 1.20 (Clear:RC:0(64.4.35.197):. Processed in 0.012972 secs)
Received: from unknown (HELO hotmail.com) (64.4.35.197)
  by hermes.apache.org with SMTP; 13 May 2004 06:34:52 -0000
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 12 May 2004 23:34:06 -0700
Received: from 20.138.1.245 by bay12-dav23.bay12.hotmail.com with DAV;
	Thu, 13 May 2004 06:34:05 +0000
X-Originating-IP: [20.138.1.245]
X-Originating-Email: [sternmarc@hotmail.com]
X-Sender: sternmarc@hotmail.com
From: "Marc Stern" <sternmarc@hotmail.com>
To: <dev@httpd.apache.org>
References: <BAY12-DAV33nDScPYws0000b8a4@hotmail.com>
 <20040512132738.GA11663@redhat.com>
Subject: Re: SSL_CLIENT_S_DN and proxy
Date: Thu, 13 May 2004 08:34:31 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1409
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Message-ID: <BAY12-DAV23zDv60gxa0000e0bc@hotmail.com>
X-OriginalArrivalTime: 13 May 2004 06:34:06.0203 (UTC)
 FILETIME=[4A1EFCB0:01C438B4]
X-Spam-Rating: hermes.apache.org 1.6.2 0/1000/N
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

>From what I understand - and it seems confirmed by the test I made - the
header is modified (created) before Apache populates the value.
I tried with the header HTTP_HOST "RequestHeader set X-HOST %{HTTP_HOST}e)",
and the header is created, but empty.

Is the same feature available, but at the end of the treatment ?

Marc

----- Original Message ----- 
From: "Joe Orton" <jorton@redhat.com>
To: <dev@httpd.apache.org>
Sent: Wednesday, May 12, 2004 3:27 PM
Subject: Re: SSL_CLIENT_S_DN and proxy


> On Wed, May 12, 2004 at 01:09:03PM +0200, Marc Stern wrote:
> > When using Apache as a proxy:
> >   ( brower  --https-->  Apache + mod_proxy  --https-->  Web server )
> > the Web server never receives the user's certificate info, because only
the
> > proxy is seen by the Web server. That means that all headers
SSL_CLIENT_*
> > contain the proxy certificate info, not the user certificate info.
> >
> > Is there a way to get the user's certificate info ?
>
> On the proxy use, e.g.:
>
> SSLOptions +StdEnvVars
> RequestHeader set X-Foo %{SSL_CLIENT_S_DN}e
>
> and the client DN is passed through to the backend in the X-Foo header.
>
> joe
>