tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: svn commit: r1127315 - /tomcat/jk/trunk/xdocs/reference/apache.xml
Date Tue, 24 May 2011 22:15:47 GMT
All,

I'm not sure what the policy is on documentation changes and
back-porting to already-released versions of mod_jk, but this clarifies
how mod_jk works and would be beneficial to have on the web site without
having to wait for a new release of mod_jk. Is there a good way to do
that, or should we just wait for a new release?

Thanks,
-chris

On 5/24/2011 6:02 PM, schultz@apache.org wrote:
> Author: schultz
> Date: Tue May 24 22:02:27 2011
> New Revision: 1127315
> 
> URL: http://svn.apache.org/viewvc?rev=1127315&view=rev
> Log:
> Added detailed information about what SSL variables will be sent to Tomcat when JkExtractSSL
is enabled.
> 
> Modified:
>     tomcat/jk/trunk/xdocs/reference/apache.xml
> 
> Modified: tomcat/jk/trunk/xdocs/reference/apache.xml
> URL: http://svn.apache.org/viewvc/tomcat/jk/trunk/xdocs/reference/apache.xml?rev=1127315&r1=1127314&r2=1127315&view=diff
> ==============================================================================
> --- tomcat/jk/trunk/xdocs/reference/apache.xml (original)
> +++ tomcat/jk/trunk/xdocs/reference/apache.xml Tue May 24 22:02:27 2011
> @@ -271,7 +271,48 @@ The default value is On.
>  In order to make SSL data available for mod_jk in Apache, you need to
>  set <code>SSLOptions +StdEnvVars</code>. For the certificate information
you also need
>  to add <code>SSLOptions +ExportCertData</code>.
> -</p></attribute>
> +</p>
> +<p>
> +  Specifically, mod_jk will export the following environment variables from
> +  Apache httpd to Tomcat under these request attributes as per the
> +  Servlet Specification 3.0, section 3.8:
> +</p>
> +<table>
> +  <tr><th>Env Var</th><th>Request Attribute Name</th><th>Type</th><th>Example</th></tr>
> +  <tr>
> +    <td>SSL_CIPHER<br/>(or <code>JkKEYSIZEIndicator</code>)</td>
> +    <td>javax.servlet.request.cipher_suite</td>
> +    <td>java.lang.String</td>
> +    <td>DHE-RSA-AES256-SHA</td>
> +  </tr>
> +  <tr>
> +    <td>SSL_CIPHER_USEKEYSIZE<br/>(or <code>JkKEYSIZEIndicator</code>)</td>
> +    <td>javax.servlet.request.key_size</td>
> +    <td>java.lang.Integer</td>
> +    <td>256</td>
> +  </tr>
> +  <tr>
> +    <td>SSL_SESSION_ID<br/>(or <code>JkSESSIONIndicator</code>)</td>
> +    <td>javax.servlet.request.ssl_session</td>
> +    <td>java.lang.String</td>
> +    <td>905...32E (a hex string)</td>
> +  </tr>
> +  <tr>
> +    <td>SSL_CLIENT_CERT_CHAIN_<i>n</i><br/>(or <code>JkCERTCHAINPrefix</code><i>n</i>)</td>
> +    <td>javax.servlet.request.X509Certificate</td>
> +    <td>java.security.X509Certificate[]</td>
> +    <td>(A chain of certs in ascending order of trust, the first one being
> +        ths client's certificate, the second being the signer of that
> +        certificate, and so on)</td>
> +  </tr>
> +</table>
> +<p>
> +  For all other SSL-related variables, use <code>JkEnvVar</code> for each
> +  variable you want. Please note that, like <code>JkEnvVar</code>, these
> +  variables are available from the request <i><b>attributes</b></i>,
not as
> +  environment variables or as request headers.
> +</p>
> +</attribute>
>  <attribute name="JkHTTPSIndicator" required="false"><p>
>  Name of the Apache environment variable that contains SSL indication.
>  <br/>
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
> 


Mime
View raw message