Return-Path: X-Original-To: apmail-httpd-users-archive@www.apache.org Delivered-To: apmail-httpd-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 58DFC9819 for ; Wed, 4 Apr 2012 22:27:47 +0000 (UTC) Received: (qmail 99971 invoked by uid 500); 4 Apr 2012 22:27:44 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 99947 invoked by uid 500); 4 Apr 2012 22:27:44 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 99935 invoked by uid 99); 4 Apr 2012 22:27:44 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Apr 2012 22:27:44 +0000 X-ASF-Spam-Status: No, hits=3.4 required=5.0 tests=FH_FAKE_RCVD_LINE_B,RCVD_IN_DNSWL_NONE,SPF_PASS,SUBJ_OBFU_PUNCT_FEW X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of ohaya@cox.net designates 68.230.241.217 as permitted sender) Received: from [68.230.241.217] (HELO eastrmfepo202.cox.net) (68.230.241.217) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Apr 2012 22:27:35 +0000 Received: from eastrmimpo209.cox.net ([68.230.241.224]) by eastrmfepo202.cox.net (InterMail vM.8.01.04.00 201-2260-137-20101110) with ESMTP id <20120404222709.HFER1165.eastrmfepo202.cox.net@eastrmimpo209.cox.net> for ; Wed, 4 Apr 2012 18:27:09 -0400 Received: from eastrmwml105 ([172.18.18.217]) by eastrmimpo209.cox.net with bizsmtp id tyT91i0054h0NJL02yT9yp; Wed, 04 Apr 2012 18:27:09 -0400 X-CT-Class: Clean X-CT-Score: 0.00 X-CT-RefID: str=0001.0A020201.4F7CCABD.0047,ss=1,re=0.000,fgs=0 X-CT-Spam: 0 X-Authority-Analysis: v=1.1 cv=bROEq2r9+Eyg9X7I3fQYdQhRp8F2m1l/XupKbT1znJs= c=1 sm=1 a=R0CwnUx2HJ8A:10 a=G8Uczd0VNMoA:10 a=H4AlmhIUOdgA:10 a=IkcTkHD0fZMA:10 a=iUHFWXxKLpJq0d/jDuaUrQ==:17 a=iJ2ptwYv5SUstybESJ8A:9 a=QEXdDO2ut3YA:10 a=iUHFWXxKLpJq0d/jDuaUrQ==:117 X-CM-Score: 0.00 Authentication-Results: cox.net; none Received: from 72.192.251.2 by webmail.east.cox.net; Wed, 4 Apr 2012 18:27:09 -0400 Message-ID: <20120404182709.16TVN.329126.root@eastrmwml105> Date: Wed, 4 Apr 2012 18:27:09 -0400 From: To: users@httpd.apache.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) Sensitivity: Normal Subject: [users@httpd] Possible to add edited version of SSL_CLIENT_CERT variable to request header? Hi, I am using Apache (2.2.x) as a proxy. The Apache is enabled for 2-way/client-authenticated SSL. In one situation (in a specific section), I need to be able to pass the PEM of the client certificate to the proxied server, with a specific HTTP header name. I've actually been able to pass the raw PEM as an HTTP header using just the RequestHeader directive: RequestHeader set "my_ssl_client_cert" "%{SSL_CLIENT_CERT}e" But, that raw PEM has the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" strings before and after the actual certificate PEM. I've been trying to figure out how to get just the certificate PEM into the HTTP header for awhile, mostly using SetEnvIfNoCase, but when I try that, I always end up with an empty string or null in the header. Given that I seem to be able to get the PEM from the SSL_CLIENT_CERT envvar, it seems like there SHOULD be a way to get that into a request header, but I haven't been able to do that yet, and am truly stumped, so I was hoping that someone here might know how to do that? Thanks in advance, Jim --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org