httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: [users@httpd] Forwarding client Certficates from mod_ssl to a distant mod_jk through HTTPHeaders.
Date Fri, 06 Feb 2004 09:50:24 GMT
On Tue, Feb 03, 2004 at 01:56:08PM +0100, nicolas.villoutreix@accenture.com wrote:
...
> But the main issue is about storing a client certificate in a HTTP 
> header : When mod_ssl writes the certificate as an environment 
> variable, it produces a multi-line output and the RequestHeader 
> directive isn't able to transfer it into a correct multi-line HTTP 
> header.

> I saw in the httpd-dev mailing-list archive that there was a patch in 
> apache 2.0 submitted, but it does not seem to have been integrated 
> (http://www.mail-archive.com/modssl-users@modssl.org/msg15917.html).

Hi - I looked at the solution Maik presented, it does seem a little like
overkill.  After all: the SSL_CLIENT_CERT variable is already a base64
representation of the certificate.

I wonder whether the simplest fix would be to change mod_headers to
handle multi-line env.vars correctly; either by sending them over
multiple lines correctly, or by flattening them on to a single line.

Another alternative would be to extend mod_ssl to produce a single-line
equivalent of SSL_CLIENT_CERT directly. (just directly converting the
DER cert into a base64 string without the PEM wrapping)

Would both of those work for whatever you do with the cert the other
end?

Regards,

joe

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message