httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <oh...@cox.net>
Subject Re: How to access client certificate PEM and incoming request headers in a module?
Date Mon, 18 Jun 2012 18:54:45 GMT
Hi,

Also, I configured the Apache for client-authenticated SSL, and hit the https://<hostname>/test
URL, and the dump_envvars() output only one additional variable:

In ap_headers_insert_output_filter: About to call dump_envvars...
In iterate_function: [UNIQUE_ID] => [T993fkjX4QkAAHanMQwAAAAA]
In iterate_function: [HTTPS] => [on]
In ap_headers_insert_output_filter: Returned from calling dump_envvars...

but not the other SSL-related variables, but if I add:

SSLOptions +FakeBasicAuth +ExportCertData +StdEnvVars

to the <VirtualHost> in extras/httpd-ssl.conf, WOOHOO(!), I get a bunch of SSL stuff
:)...

In ap_headers_insert_output_filter: About to call dump_envvars...
In iterate_function: [UNIQUE_ID] => [T995GkjX4QkAAHdbMDwAAAAA]
In iterate_function: [HTTPS] => [on]
In iterate_function: [SSL_SERVER_S_DN_C] => [US]
In iterate_function: [SSL_SERVER_S_DN_ST] => [VA]
In iterate_function: [SSL_SERVER_S_DN_L] => [anywhere]
In iterate_function: [SSL_SERVER_S_DN_O] => [apache1OU]
In iterate_function: [SSL_SERVER_S_DN_OU] => [apache1O]
In iterate_function: [SSL_SERVER_S_DN_CN] => [apache1.whatever.com]
In iterate_function: [SSL_SERVER_S_DN_Email] => [apache1@whatever.com]
In iterate_function: [SSL_SERVER_I_DN_C] => [US]
In iterate_function: [SSL_SERVER_I_DN_ST] => [VA]
In iterate_function: [SSL_SERVER_I_DN_L] => [OAKTON]
.
.
In iterate_function: [SSL_CLIENT_CERT] => [-----BEGIN CERTIFICATE-----
MIICrTCCAhagAwIBAgICECUwDQYJKoZIhvcNAQEEBQAwgZMxCzAJBgNVBAYTAlVT
MQswCQYDVQQIEwJWQTEPMA0GA1UEBxMGT0FLVE9OMRMwEQYDVQQKEwpKTFNpbXBs
ZUNBMRIwEAYDVQQLEwlKTERlbW8gQ0ExGzAZBgNVBAMTEkpMU2ltcGxlQ0EgRGVt
.
.
.
bTAdBgNVHREEFjAUgRIwdGVzdEB3aGF0ZXZlci5jb20wDAYDVR0TAQH/BAIwADAf
BgNVHSMEGDAWgBTJ71+0oml+Oj7gfrPou0WoH9FdfDAdBgNVHSUEFjAUBggrBgEF
BQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcNAQEEBQADgYEAlg/aIr37XL+HsP2nqAeO
6VXByxwymKvUyYjQkAhp4OdywzXlqTmBUiEGHx07OevzyU3+y5E95+X6/QkPm4A6
Mvdk9B1tvcnvilz7iYUblDBHU1YNrvG7iu2XTxl723QWGUJcYgpE6ldHuRv+gz1d
RU3EW0UERzS/1UJAJ0QnGF4=
-----END CERTIFICATE-----
]
.
.


Jim

---- ohaya@cox.net wrote: 
> Hi,
> 
> I found some snippets that I used to make some dump_requests and dump_envvars functions:
> 
> /* START DUMP CODE
>  * Adapted from: http://thomas.eibner.dk/apache/table.html
>  */
> int iterate_func(void *req, const char *key, const char *value) {
>     int stat;
>     char *line;
>     request_rec *r = (request_rec *)req;
>     if (key == NULL || value == NULL || value[0] == '\0')
>         return 1;
>     
>     printf("In iterate_function: [%s] => [%s]\n", key, value);
>     //line = apr_psprintf(r->pool, "%s => %s\n", key, value);
>     //stat = ap_rputs(line, r);
> 
>     return 1;
> }
> 
> 
> 
> static int dump_request(request_rec *r) {
>     r->content_type = "text/plain";
>     //apr_send_http_header(r);
>     if (r->header_only)
>         return OK;
> 
>     apr_table_do(iterate_func, r, r->headers_in, NULL);
> 
>     return OK;
> }
> 
> 
> static int dump_envvars(request_rec *r) {
>     r->content_type = "text/plain";
>     //apr_send_http_header(r);
>     //if (r->header_only)
>     //    return OK;
> 
>     apr_table_do(iterate_func, r, r->subprocess_env, NULL);
> 
>     return OK;
> }
> 
> And I call them:
> 
>     printf("In ap_headers_insert_output_filter\n");
>     printf("In ap_headers_insert_output_filter: REQUEST_URI=[%s]\n", header_request_env_var(r,
"REQUEST_URI") );
>     printf("In ap_headers_insert_output_filter: About to call dump_request...");
>     dump_request(r);
>     printf("In ap_headers_insert_output_filter: Returned from calling dump_request...\n");
>     printf("In ap_headers_insert_output_filter: About to call dump_envvars...");
>     dump_envvars(r);
>     printf("In ap_headers_insert_output_filter: Returned from calling dump_envvars...\n");
> 
> from inside the ap_headers_insert_output_filter() function in mod_headers (again, just
an experiment).
> 
> The dump_request() does seem to return a bunch of the request headers, including one
that I set using RequestHeader directive, but the dump_envvars() returned only one envvar,
UNIQUE_ID.
> 
> Is that to be expected?  Is there somewhere else in the mod_headers.c code that I could
put these dump_envvars() calls that would show more envvars?
> 
> Thanks,
> Jim
> 
> 
> ---- ohaya@cox.net wrote: 
> > Hi Sorin and Ben,
> > 
> > I found a list of variables somewhere, and just (probably unluckily) picked REMOTE_URI,
just to see if retrieving any variable would work (an experiment).  Is there a list of environment
variables that WOULD return something other than null for that call?
> > 
> > Thanks,
> > Jim
> > 
> > 
> > ---- Ben Noordhuis <info@bnoordhuis.nl> wrote: 
> > > On Mon, Jun 18, 2012 at 8:53 AM,  <ohaya@cox.net> wrote:
> > > > I added a call to header_request_env_var(r, "REMOTE_URI"), just to see
what it got (running Apache in single-process mode):
> > > >
> > > > printf("REMOTE_URI=[%s]\n", header_request_env_var(r, "REMOTE_URI") );
> > > >
> > > > Then I pointed a browser to http://<myhost>/test, where /test was
a <Location> with a RequestHeader (to trigger mod_headers) but I got:
> > > >
> > > > REMOTE_URI=[(null)]
> > > >
> > > > Shouldn't that be showing:
> > > >
> > > > REMOTE_URI=[/test]
> > > >
> > > > ??
> > > 
> > > Did you mean REMOTE_USER or REQUEST_URI? I don't think there's such a
> > > thing as REMOTE_URI.
> > 

Mime
View raw message