httpd-users mailing list archives

From Joe Orton <jor...@redhat.com>
Subject Re: RE : [users@httpd] RE : [users@httpd] Forwarding client Certficates from mod_ssl to a distant mod_jk through HTTPHeaders.
Date Tue, 02 Mar 2004 11:15:59 GMT
Thanks for testing the patch, Nicolas.

On Tue, Mar 02, 2004 at 12:05:12PM +0100, nicolas.villoutreix@accenture.com wrote:
> I have just a small problem remaining, I do get the client certificate as an environment variable from the RequestHeader:
> HTTP_SSL_CLIENT_CERT="-----BEGIN CERTIFICATE----- MIICqTCCAhICAQIwDQYJKoZIhvcNAQEEBQAwgbAxCzAJBgNVBAYTAkZSMQwwCgYD VQQ
>  
> But mod_jk expects an environment variable named SSL_CLIENT_CERT,
> is there an easy way to rename or create this new variable using the content of the first variable,

Google says you can configure mod_jk to pick up the client cert from a
different variable, have you tried that: i.e.

  JkCERTSIndicator HTTP_SSL_CLIENT_CERT

> I saw you post another fix: http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/metadata/mod_headers.c?r1=1.49&r2=1.50
> In what way is it better than the first one? Is it because you do not have to tell mod_ssl to export variables?

Yes: there is a lot of overhead when using: "SSLOptions +ExportCertData
+StdEnvVars" - with the fix I committed, on your proxy you don't need to 
enable those settings, just use %{...}s in the RequestHeader directives 
to pass on the few specific SSL variables from mod_ssl.

Regards,

joe

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
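
The setup discussed in this message, as an added configuration example that is not part of the original post or of the httpd project's own documentation: the front-end proxy forwards the client certificate with the %{...}s format instead of exporting it into the environment, and the back end tells mod_jk which variable to read. The header name SSL_CLIENT_CERT, the /app path, the host backend.example.internal and the worker name worker1 are assumptions.

```apache
# --- Front-end proxy (mod_ssl + mod_proxy + mod_headers) ---

# Variant with the overhead described in the message: mod_ssl exports the
# standard SSL variables and the PEM certificate into the environment of
# every request, and mod_headers copies one of them with %{...}e.
#   SSLOptions +StdEnvVars +ExportCertData
#   RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}e"

# Variant using the mod_headers fix: no SSLOptions export is needed,
# %{...}s asks mod_ssl for the one variable directly.
SSLVerifyClient require
# "set" replaces any header of the same name sent by the client, so the
# back end only ever sees the value mod_ssl produced for this connection.
RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
ProxyPass /app http://backend.example.internal/app

# --- Back-end httpd (mod_jk) ---

# The back end trusts this header, so it must be reachable only through
# the proxy; a direct client could otherwise supply its own value.
# As reported in the quoted message, the forwarded header shows up as
# HTTP_SSL_CLIENT_CERT, so mod_jk is pointed at that name instead of its
# default SSL_CLIENT_CERT.
JkExtractSSL On
JkCERTSIndicator HTTP_SSL_CLIENT_CERT
JkMount /app/* worker1
```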

