httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sorin Manolache <sor...@gmail.com>
Subject Re: Confused about modules processing order...
Date Tue, 26 Jun 2012 18:26:30 GMT
On 2012-06-26 19:56, ohaya@cox.net wrote:
>>> You cannot wait until mod_ssl runs its fixups, you have to hook one of
>>> the hooks that execute earlier than webgate's check_user_id or
>>> auth_checker. (You have to hook one of the hooks (1)-(4).) There, in
>>> your hook, you have to get yourself the values of the server
>>> certificates, client certificate, etc, everything that mod_ssl would
>>> have given you, but too late.
> "
>
> I guess that what I'm seeing is exactly what you said would happen, i.e., my check_user_id
hook function is being called, but none of the SSL vars are populated (since, as you said
mod_ssl doesn't populate them until the fixup phase).
>
> What mechanisms/methods could I use to get those SSL vars ("you have to get yourself
the values of the server certificates, client certificate, etc, ") at this point?

I don't know, unfortunately. Have a look at the sources 
(modules/ssl/ssl_engine_kernel.c, ssl_hook_Fixup) to see how mod_ssl 
does it.

Apparently mod_ssl uses ssl_var_lookup defined in ssl_engine_vars.c. 
Maybe you can use it in check_user_id already.

Sorin

Mime
View raw message