---------------------------------------------------------------- BEFORE YOU POST, search the faq at <http://java.apache.org/faq/> WHEN YOU POST, include all relevant version numbers, log files, and configuration files. Don't make us guess your problem!!! ---------------------------------------------------------------- Jean-Luc Rochat wrote: > > ---------------------------------------------------------------- > BEFORE YOU POST, search the faq at <http://java.apache.org/faq/> > WHEN YOU POST, include all relevant version numbers, log files, > and configuration files. Don't make us guess your problem!!! > ---------------------------------------------------------------- > > Enrico Badella wrote: > > > > This is how I get the client's DN > > > > private static final String APACHE_DN = "org.apache.jserv.SSL_CLIENT_S_DN"; > > > > clientDN = (String) req.getAttribute(APACHE_DN); > > > > However you must tell Apache + mod_ssl to export the certificate info with > > > > SSLOptions +ExportCertData > > > > Works great. All my Jserv based applications use certs to authenticate users. > > Hi, > > NB: you are using ajpv11 protocol (JServ version older than 1.1b3). No ? > > I'll (or Michal will, who makes it is not important), add the > SSL_CLIENT_DN to the ajpv12 protocol (that's maybe a dirty hack, but we > need it. I hope I'll have time to do a better job soon). Other variables > could be needed later (expiration date, ciphers, etc ...). I think that > people who need this will have the knowledge to patch the source code > ;-) (again, it's a quick & dirty hack). > > I don't want to send every SSL env var all the time. Probably client > authent is 99.99% the need. > > NB that I don't have a SSL_CLIENT_S_DN variable here as I use a > compatibility mode in mod_ssl that sends SSL_CLIENT_DN instead. > only adding : > > SSLOptions +ExportCertData +CompatEnvVars > > in httpd.conf > This will allow both apacheSSL & mod_ssl to work. Volunteers to test the > hack (especially on C2, Stronghold, or apache-SSL) ? > > Jean-Luc > I just added SSL_CLIENT_DN (not yet in CVS, waiting feedback) the Client's DN in ajpv12 protocol : try it here (see the differences between ajpv11 & ajpv12 : https://jnix.penguinpowered.com/x509authservletajpv11/SuperSnoop <<< ajpv11 https://jnix.penguinpowered.com/x509authservletajpv12/SuperSnoop <<< ajpv12 patched YOU NEED A CERTIFICATE TO ACCESS THESE SERVLETS ! (can take one from here for free (test only) : http://jnix.penguinpowered.com/certs/ ) Jean-Luc -- -------------------------------------------------------------- Please read the FAQ! <http://java.apache.org/faq/> To subscribe: [EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives and Other: <http://java.apache.org/main/mail.html> Problems?: [EMAIL PROTECTED]
