httpd-users mailing list archives

From "Ian Huynh" <i...@hubspan.com>
Subject RE: [users@httpd] Help with SSL and CGI Env var export - can't get SSL_CLIENT_CERT_CHAINn values
Date Fri, 27 Feb 2004 21:07:09 GMT
Hmm... the problem was the documentation.

SSL_CLIENT_CERT_CHAIN_n is the correct var name, not SSL_CLIENT_CERT_CHAINn -- the documentation
didn't have an underscore.

So I can now get SSL_CLIENT_CERT_CHAIN_0 to appear as a header, which is the intermediate CA,
but not SSL_CLIENT_CERT_CHAIN_1 (root CA?).


>-----Original Message-----
>From: Ian Huynh 
>Sent: Friday, February 27, 2004 12:41 PM
>To: users@httpd.apache.org
>Subject: RE: [users@httpd] Help with SSL and CGI Env var export - can't
>get SSL_CLIENT_CERT_CHAINn values
>
>
>Joe
>
>Sorry I didn't even see the attachment but yes, I fixed our code a while back
>using almost identical logic to yours.  We use a '\t' instead of APR_ASCII_BLANK.
>I also did a check to make sure that the last CRLF at the end of the header
>(if any) is preserved.
>
>But yeah, your fix would definitely work and hopefully it'll make it into
>the next release.
>
>>> >> RequestHeader set SSLServerCert %{SSL_SERVER_CERT}e
>>> >> RequestHeader set SSLClientCert %{SSL_CLIENT_CERT}e
>>That's odd, I can't reproduce that.
>
>Can you get both Certs to come out in the headers?  Which version of Apache and which OS?
>
>>
>>> I could never get Client Cert chain to export. 
>>And that is supposed to work if you have +ExportCertData.  Confused...
>>
>>joe
>>
>The CertChain does come out but the values are always '(null)'
>
>
>
>
>
>>-----Original Message-----
>>From: Joe Orton [mailto:jorton@redhat.com]
>>Sent: Friday, February 27, 2004 12:08 PM
>>To: users@httpd.apache.org
>>Subject: Re: [users@httpd] Help with SSL and CGI Env var export - can't
>>get SSL_CLIENT_CERT_CHAINn values
>>
>>
>>On Fri, Feb 27, 2004 at 08:33:07AM -0800, Ian Huynh wrote:
>>> Hey Joe
>>> you are right in that mod_headers messed up multiple lines. I filed a bug with Apache
>>> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23223
>>
>>Does the fix I just attached to that bug work for you?
>>
>>> I WAS able to get SSL_SERVER_CERT to export as well now but the caveat is only one of the CERT
>>> (either CLIENT or SERVER) will come out as a header, not both. If both are turned on, only the
>>> first directive is recognized.
>>> 
>>> 
>>> This sequence exports only Client Cert 
>>> 
>>> >> RequestHeader set SSLClientCert %{SSL_CLIENT_CERT}e
>>> >> RequestHeader set SSLServerCert %{SSL_SERVER_CERT}e
>>> 
>>> This sequence exports only Server Cert
>>> >> RequestHeader set SSLServerCert %{SSL_SERVER_CERT}e
>>> >> RequestHeader set SSLClientCert %{SSL_CLIENT_CERT}e
>>
>>That's odd, I can't reproduce that.
>>
>>> I could never get Client Cert chain to export. 
>>
>>And that is supposed to work if you have +ExportCertData.  Confused...
>>
>>joe
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP 
>>Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>

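The receiving side of the header export discussed in this thread, as an added example that is not part of the original messages or of Apache's own code: a backend routine that recovers a certificate from a forwarded header value. It assumes the PEM line breaks arrive as blanks or tabs (the thread mentions APR_ASCII_BLANK and '\t'); the header prefix `SSLClientCertChain` and the sample bytes are hypothetical.

```python
import base64
import binascii
import hashlib
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def cert_from_header(value):
    """Return DER bytes from a forwarded PEM header value, or None if unset."""
    value = (value or "").strip()
    # The thread reports the literal "(null)" where no certificate was exported.
    if value in ("", "(null)"):
        return None
    if not (value.startswith(BEGIN) and value.endswith(END)):
        raise ValueError("header is not one complete PEM certificate")
    # Line breaks may arrive as newlines, blanks or tabs: drop all whitespace.
    b64 = re.sub(r"\s+", "", value[len(BEGIN):-len(END)])
    try:
        der = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("corrupt base64 in certificate header") from exc
    if not der:
        raise ValueError("empty certificate body")
    return der


def chain_from_headers(headers, prefix="SSLClientCertChain"):
    """Collect <prefix>0, <prefix>1, ... up to the first unset entry (hypothetical names)."""
    chain = []
    while (der := cert_from_header(headers.get(f"{prefix}{len(chain)}"))) is not None:
        chain.append(der)
    return chain


def fingerprint(der):
    return hashlib.sha256(der).hexdigest()


# Constructed sample: arbitrary bytes standing in for a certificate (not real X.509).
SAMPLE_DER = bytes(range(90))
_b64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = "\n".join([BEGIN, _b64[:64], _b64[64:], END]) + "\n"


def flatten(pem, sep):
    """Constructed sample: the PEM with each line break replaced by sep."""
    return sep.join(pem.strip().splitlines())
```

`fingerprint()` gives the SHA-256 of the recovered DER bytes, which the backend can compare against the certificates it expects.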

