httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <>
Subject Re: How to access client certificate PEM and incoming request headers in a module?
Date Mon, 18 Jun 2012 02:22:43 GMT

---- Ben Noordhuis <> wrote: 
> On Sun, Jun 17, 2012 at 9:46 PM,  <> wrote:
> > Hi,
> >
> > I am starting to look into implementing an Apache module that can use information
from an incoming request, including several headers and the subject string from a client certificate
to do authentication.
> >
> > I've been looking at the source for mod_auth_certificate, from,
as a starting point.
> >
> > However, it looks like the way that mod_auth_certificate works is that it requires
that there's an SSLUserName directive to put the client certificate DN into the Apache REMOTE_USER
attribute, whereas I need the entire PEM for the client cert to do authentication that I'm
trying to do.
> >
> > So I was wondering if it's possible for a module to access the SSL_CLIENT_S_DN and
SSL_CLIENT_CERT environment variables, and if so, how?
> They should be set in r->subprocess_env provided `SSLOptions
> +StdEnvVars +ExportCertData` is set in the server or per-directory
> config.
> > Also, as mentioned my module would need to access several HTTP headers that are
in the incoming requests.  How can it do that?
> Look them up with `apr_table_get(r->headers_in, "X-Header-Name")`.


Thanks.  I'll give those a try.  We already the SSLOptions set as you mentioned, so assuming
that I can figure out the coding (it's been a long time since I've done C/C++), that should
work :)...


View raw message