On Sun, Jun 17, 2012 at 9:46 PM,  <ohaya@cox.net> wrote:
> Hi,
>
> I am starting to look into implementing an Apache module that can use information from an incoming request, including several headers and the subject string from a client certificate to do authentication.
>
> I've been looking at the source for mod_auth_certificate, from https://modules.apache.org/, as a starting point.
>
> However, it looks like the way that mod_auth_certificate works is that it requires that there's an SSLUserName directive to put the client certificate DN into the Apache REMOTE_USER attribute, whereas I need the entire PEM for the client cert to do authentication that I'm trying to do.
>
> So I was wondering if it's possible for a module to access the SSL_CLIENT_S_DN and SSL_CLIENT_CERT environment variables, and if so, how?

They should be set in r->subprocess_env provided `SSLOptions
+StdEnvVars +ExportCertData` is set in the server or per-directory
config.

> Also, as mentioned my module would need to access several HTTP headers that are in the incoming requests.  How can it do that?

Look them up with `apr_table_get(r->headers_in, "X-Header-Name")`.