Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 93624 invoked from network); 27 Feb 2004 08:41:11 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 27 Feb 2004 08:41:11 -0000 Received: (qmail 3561 invoked by uid 500); 27 Feb 2004 08:40:26 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 3515 invoked by uid 500); 27 Feb 2004 08:40:26 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 3297 invoked from network); 27 Feb 2004 08:40:24 -0000 Received: from unknown (HELO mx1.redhat.com) (66.187.233.31) by daedalus.apache.org with SMTP; 27 Feb 2004 08:40:23 -0000 Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254]) by mx1.redhat.com (8.11.6/8.11.6) with ESMTP id i1R8eab13938; Fri, 27 Feb 2004 03:40:36 -0500 Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90]) by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id i1R8eY809142; Fri, 27 Feb 2004 03:40:35 -0500 Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1]) by radish.cambridge.redhat.com (8.12.10/8.12.7) with ESMTP id i1R8eYUr003748; Fri, 27 Feb 2004 08:40:34 GMT Received: (from jorton@localhost) by radish.cambridge.redhat.com (8.12.10/8.12.10/Submit) id i1R8eW2q003747; Fri, 27 Feb 2004 08:40:32 GMT Date: Fri, 27 Feb 2004 08:40:32 +0000 From: Joe Orton To: Ian Huynh Cc: users@httpd.apache.org Message-ID: <20040227084032.GA3741@redhat.com> Mail-Followup-To: Ian Huynh , users@httpd.apache.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Subject: Re: [users@httpd] Help with SSL and CGI Env var export - can't get SSL_CLIENT_CERT_CHAINn values X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N On Wed, Feb 25, 2004 at 10:48:38AM -0800, Ian Huynh wrote: > Env: 2.0.48 , Win2K, Open SSL 0.9.7c > > In apache 2.0.48 and openssl 0.9.7c, according to the docs below > > http://httpd.apache.org/docs-2.0/mod/mod_ssl.html > > there are a number of env vars that can be exported. I am interested in 3 of these > > SSL_SERVER_CERT > SSL_CLIENT_CERT string PEM-encoded client certificate > SSL_CLIENT_CERT_CHAINn string PEM-encoded certificates in client certificate chain Actually the docs are not in synch with the code, it should be: SSL_CLIENT_CERT_CHAIN_n > I can get the CLIENT_CERT exported but not the CERT_CHAINn or SERVER_CERT . Has anyone been able to get it to work? > > My httpd.conf is below > > # turns on SSL Options > > SSLOptions +StdEnvVars +ExportCertData > > # set the CGI values as HTTP Request Header. > > RequestHeader set SSLClientCert %{SSL_CLIENT_CERT}e > RequestHeader set SSLClientCertChain1 %{SSL_CLIENT_CERT_CHAIN1}e > RequestHeader set SSLClientCertChain2 %{SSL_CLIENT_CERT_CHAIN2}e > RequestHeader set SSLServerCert %{SSL_SERVER_CERT}e but I believe *none* of these are likely to work since mod_headers doesn't handle env vars which wrap over multiple lines joe --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org