On Thu, Sep 22, 2005 at 01:04:25PM +0200, Martin Kraemer wrote:
> On Tue, Sep 20, 2005 at 05:33:30PM +0100, Joe Orton wrote:
> > > SetEnvIf SSL_PeerExtList("1.3.6.1.4.1.18060.1") \
> > > "(committers|administrators)" \
> > > ThisUserHasAValidCert=$1
> > >
> > > Later on, you can control access (in dir context, if desired) by
> > >
> > > allow from env=ThisUserHasAValidCert
> >
> > That's just SSLRequire reimplemented badly, as you say. What's the real
> > use-case for this feature, what problem are you trying to solve?
>
> If used for "allow from env=", you are right. But environment variables
> do have a much more global usage scenario.
>
> I see a usage scenario in anything from CGIs (and .shtml / .php / .pl)
> to custom error documents, or rewriting and filtering. The patch
So you do just want to export env vars from mod_ssl? Why does
mod_setenvif have to come into the equation at all then? Why not add
something like "SSLOptions +ExportCertExts" to mod_ssl and export all
the ext values in appropriately named env vars?
SSL_EXT_S_1_3_6_etc="This is a comment", just as it does for the rest of
the cert info with +ExportCertData?
joe
