httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Noordhuis <i...@bnoordhuis.nl>
Subject Re: How to access client certificate PEM and incoming request headers in a module?
Date Sun, 17 Jun 2012 23:31:42 GMT
On Sun, Jun 17, 2012 at 9:46 PM,  <ohaya@cox.net> wrote:
> Hi,
>
> I am starting to look into implementing an Apache module that can use information from
an incoming request, including several headers and the subject string from a client certificate
to do authentication.
>
> I've been looking at the source for mod_auth_certificate, from https://modules.apache.org/,
as a starting point.
>
> However, it looks like the way that mod_auth_certificate works is that it requires that
there's an SSLUserName directive to put the client certificate DN into the Apache REMOTE_USER
attribute, whereas I need the entire PEM for the client cert to do authentication that I'm
trying to do.
>
> So I was wondering if it's possible for a module to access the SSL_CLIENT_S_DN and SSL_CLIENT_CERT
environment variables, and if so, how?

They should be set in r->subprocess_env provided `SSLOptions
+StdEnvVars +ExportCertData` is set in the server or per-directory
config.

> Also, as mentioned my module would need to access several HTTP headers that are in the
incoming requests.  How can it do that?

Look them up with `apr_table_get(r->headers_in, "X-Header-Name")`.

Mime
View raw message