----------------------------------------------------------------
BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
WHEN YOU POST, include all relevant version numbers, log files,
and configuration files.  Don't make us guess your problem!!!
----------------------------------------------------------------

Enrico Badella wrote:
> 
> This is how I get the client's DN
> 
>         private static final String APACHE_DN = "org.apache.jserv.SSL_CLIENT_S_DN";
> 
>         clientDN = (String) req.getAttribute(APACHE_DN);
> 
> However you must tell Apache + mod_ssl to export the certificate info with
> 
>          SSLOptions                  +ExportCertData
> 
> Works great. All my Jserv based applications use certs to authenticate users.

Hi,

NB: you are using the ajpv11 protocol (JServ version older than 1.1b3), no?

I'll (or Michal will; who does it is not important) add the
SSL_CLIENT_DN to the ajpv12 protocol (that's maybe a dirty hack, but we
need it. I hope I'll have time to do a better job soon). Other variables
could be needed later (expiration date, ciphers, etc.). I think that
people who need this will have the knowledge to patch the source code
;-) (again, it's a quick & dirty hack).

I don't want to send every SSL env var all the time. Probably client
authentication is 99.99% of the need.

NB that I don't have an SSL_CLIENT_S_DN variable here, as I use a
compatibility mode in mod_ssl that sends SSL_CLIENT_DN instead,
only adding:

SSLOptions +ExportCertData +CompatEnvVars

in httpd.conf.
This will allow both apacheSSL & mod_ssl to work. Volunteers to test the
hack (especially on C2, Stronghold, or apache-SSL)?


Jean-Luc
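
An added example, not part of the original messages or of JServ: a helper (modern Java) that looks up the client DN under either attribute name discussed in this thread, returns null when no certificate data was exported, and splits the DN into fields. The `org.apache.jserv.SSL_CLIENT_DN` attribute name and the slash-separated one-line DN format are assumptions, and the class and method names are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.function.Function;

public class ClientDnExample {
    // Attribute name used in the quoted message (mod_ssl naming).
    static final String MODSSL_DN = "org.apache.jserv.SSL_CLIENT_S_DN";
    // Assumed name under +CompatEnvVars: same JServ prefix, SSL_CLIENT_DN variable.
    static final String COMPAT_DN = "org.apache.jserv.SSL_CLIENT_DN";

    /** Returns the client DN under either name, or null if none was exported. */
    static String clientDn(Function<String, Object> attrs) {
        for (String name : new String[] { MODSSL_DN, COMPAT_DN }) {
            Object v = attrs.apply(name);
            if (v instanceof String && !((String) v).trim().isEmpty()) {
                return ((String) v).trim();
            }
        }
        return null; // fail closed: the caller treats this as "not authenticated"
    }

    /**
     * Splits a one-line DN such as "/C=IT/O=Example Org/CN=alice" into fields.
     * Naive split: a value that itself contains '/' would be cut short.
     */
    static Map<String, String> parseDn(String dn) {
        Map<String, String> parts = new LinkedHashMap<>();
        for (String rdn : dn.split("/")) {
            int eq = rdn.indexOf('=');
            if (eq > 0) {
                // Keep the first occurrence of a repeated field name.
                parts.putIfAbsent(rdn.substring(0, eq), rdn.substring(eq + 1));
            }
        }
        return parts;
    }

    public static void main(String[] args) {
        // Constructed sample: request attributes as assumed with +CompatEnvVars.
        Map<String, Object> sample = new LinkedHashMap<>();
        sample.put(COMPAT_DN, "/C=IT/O=Example Org/CN=alice");
        String dn = clientDn(sample::get);
        System.out.println(dn == null ? "no client certificate" : parseDn(dn).get("CN"));
        // No attribute present: the helper returns null, never a default identity.
        System.out.println(clientDn(new LinkedHashMap<String, Object>()::get));
    }
}
```

In a servlet the lookup would be `clientDn(req::getAttribute)`, with a null result handled as an unauthenticated request.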