Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 26052 invoked from network); 2 Mar 2004 11:16:30 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 2 Mar 2004 11:16:30 -0000 Received: (qmail 41957 invoked by uid 500); 2 Mar 2004 11:15:49 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 41938 invoked by uid 500); 2 Mar 2004 11:15:48 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 41922 invoked from network); 2 Mar 2004 11:15:47 -0000 Received: from unknown (HELO mx1.redhat.com) (66.187.233.31) by daedalus.apache.org with SMTP; 2 Mar 2004 11:15:47 -0000 Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254]) by mx1.redhat.com (8.11.6/8.11.6) with ESMTP id i22BG1b23008 for ; Tue, 2 Mar 2004 06:16:01 -0500 Received: from radish.cambridge.redhat.com (radish.cambridge.redhat.com [172.16.18.90]) by int-mx1.corp.redhat.com (8.11.6/8.11.6) with ESMTP id i22BG1817847 for ; Tue, 2 Mar 2004 06:16:01 -0500 Received: from radish.cambridge.redhat.com (localhost.localdomain [127.0.0.1]) by radish.cambridge.redhat.com (8.12.10/8.12.7) with ESMTP id i22BG0Ur013940 for ; Tue, 2 Mar 2004 11:16:00 GMT Received: (from jorton@localhost) by radish.cambridge.redhat.com (8.12.10/8.12.10/Submit) id i22BFx2V013939 for users@httpd.apache.org; Tue, 2 Mar 2004 11:15:59 GMT Date: Tue, 2 Mar 2004 11:15:59 +0000 From: Joe Orton To: users@httpd.apache.org Message-ID: <20040302111558.GB28934@redhat.com> Mail-Followup-To: users@httpd.apache.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Subject: Re: =?iso-8859-1?B?UkWgOiBbdXNlcnNAaHR0?= =?iso-8859-1?Q?pd=5D_RE_=3A_=5Busers=40httpd=5D_Forwarding_client_Certfic?= =?iso-8859-1?Q?ates?= from mod_ssl to a distant mod_jk through HTTPHeaders. X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N Thanks for testing the patch, Nicolas. On Tue, Mar 02, 2004 at 12:05:12PM +0100, nicolas.villoutreix@accenture.com wrote: > I have just a small probleme remaining, i do get the client certificate as an environment variable from the RequestHeader: > HTTP_SSL_CLIENT_CERT="-----BEGIN CERTIFICATE----- MIICqTCCAhICAQIwDQYJKoZIhvcNAQEEBQAwgbAxCzAJBgNVBAYTAkZSMQwwCgYD VQQ > > But mod_jk expects an environment variable named SSL_CLIENT_CERT, > is there an easy way to rename or create this new variable using the content of the first variable, Google says you can configure mod_jk to pick up the client cert from a different variable, have you tried that: i.e. JkCERTSIndicator HTTP_SSL_CLIENT_CERT > I saw you post an other fix : http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/metadata/mod_headers.c?r1=1.49&r2=1.50 > In what way is it better than the first one? Is it because you do not have to tell mod_ssl to export variables? Yes: there is a lot of overhead when using: "SSLOptions +ExportCertData +StdEnvVars" - with the fix I committed, on your proxy you don't need to enable those settings, just use %{...}s in the RequestHeader directives to pass on the few specific SSL variables from mod_ssl. Regards, joe --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org