httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: [users@httpd] Help with SSL and CGI Env var export - can't get SSL_CLIENT_CERT_CHAINn values
Date Fri, 27 Feb 2004 08:40:32 GMT
On Wed, Feb 25, 2004 at 10:48:38AM -0800, Ian Huynh wrote:
> Env: 2.0.48 , Win2K, Open SSL 0.9.7c
> 
> In apache 2.0.48 and openssl 0.9.7c, according to the docs below 
> 
> http://httpd.apache.org/docs-2.0/mod/mod_ssl.html
> 
> there are a number of env vars that can be exported. I am interested in 3 of these 
> 
> SSL_SERVER_CERT
> SSL_CLIENT_CERT string PEM-encoded client certificate 
> SSL_CLIENT_CERT_CHAINn string PEM-encoded certificates in client certificate chain 

Actually the docs are not in synch with the code, it should be:

SSL_CLIENT_CERT_CHAIN_n

> I can get the CLIENT_CERT exported but not the CERT_CHAINn or SERVER_CERT . Has anyone
been able to get it to work?
>
> My httpd.conf is below
> 
> # turns on SSL Options
> 
> SSLOptions +StdEnvVars +ExportCertData 
> 
> # set the CGI values as HTTP Request Header.
> 
> RequestHeader set SSLClientCert %{SSL_CLIENT_CERT}e
> RequestHeader set SSLClientCertChain1 %{SSL_CLIENT_CERT_CHAIN1}e
> RequestHeader set SSLClientCertChain2 %{SSL_CLIENT_CERT_CHAIN2}e
> RequestHeader set SSLServerCert %{SSL_SERVER_CERT}e

but I believe *none* of these are likely to work since mod_headers
doesn't handle env vars which wrap over multiple lines

joe

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message