Ryan, Ust out of curiosity, at what stage in the request chain are you doing this? If you are doing anything before mod_ssl populates its environment variables (which I seem to rembmer being at Fixup, although I may be confusing with something else), you wouldn't be able to access them. You *should* still be able to get to other Apache environment variables..... Try an easy one: test for mod_perl. If that works, your environment variables are OK, and it's likely a mod_ssl problem that you're having.
Issac ----- Original Message ----- From: "Ryan Muldoon" <[EMAIL PROTECTED]> To: "Geoffrey Young" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, June 09, 2003 10:13 PM Subject: Re: getting *any* variables out of the server environment > Geoffrey, > > Thanks for the explanation. Unfortunately, I think I am still a little > unclear as to how to proceed. If I understand you correctly, my first > method is completely wrongheaded. (I tried this because it is how the > "Writing Apache Modules with Perl and C" does it. p.327) So it sounds > like the second way is the appropriate usage for subprocess_env(). But > it seems like you're saying that I shouldn't be using that at all. > Specifically, here is what I'd like to get out of the environment: > SSL_CLIENT_S_DN_CN > SSL_CLIENT_S_DN_O > and things of that nature. According to mod_ssl's documentation, these > are put in ENV upon processing of a client certificate. Ideally, I'd > like to make which fields to extract configurable, so I don't want to > hard-code. > > Currently, I have > PerlPassEnv SSL_CLIENT_S_DN_O > PerlPassEnv SSL_CLIENT_S_DN_CN > in my httpd.conf, but it doesn't seem to make any kind of difference. > To make sure it isn't just mod_ssl being lame for some reason, I've > tried it with DOCUMENT_ROOT and other standard ENV variables. But to no > avail. :( > > --Ryan > > On Mon, 2003-06-09 at 13:59, Geoffrey Young wrote: > > Ryan Muldoon wrote: > > > I'm not able to get *any* variables out from the apache server > > > environment. > > > > ok, first off, this is a two step process for Apache. the first step is > > that modules (like mod_ssl) populate the subprocess_env table with various > > values. then, modules like mod_cgi and mod_perl come along and populate > > %ENV with the values from subprocess_env as well as various other CGI > > specific variables (like DOCUMENT_ROOT or whatever else there is). the > > point is that you're really not after environment variables if you want to > > test for something like $r->subprocess_env('HTTPS') - that it ends up as > > $ENV{HTTPS} is a byproduct of modules like mod_cgi and mod_perl. > > > > just for your own edification :) > > > > > As you might be able to imagine, this is extremely > > > frustrating, and inhibits my ability to do anything of use with > > > mod_perl. My basic technique has been: > > > my $uri = $r->uri; > > > return unless $r->is_main(); > > > my $subr = $r->lookup_uri($uri); > > > my $apachecertcomp = $subr->subprocess_env($certcomponent); > > > > I don't understand the need for a subrequest to the same URI - > > subprocess_env has nothing to do with an actual subprocess. each request > > (including subrequests) have their own subprocess_env table attached to $r. > > in many cases, modules are coded to behave differently for subrequests > > than for the main request, so something you may see in $r->subprocess_env() > > could not be in $r->lookup_uri($uri)->subprocess_env(). > > > > > But this doesn't work. I also tried > > > my $var = $r->subprocess_env("VARIABLE_NAME"); > > > And this does not work either. I really need to be able to use > > > environment variables that mod_ssl sets in my authentication handler. > > > > a few things here too. for the reasons described above, subprocess_env() is > > not a substitute for %ENV, so if what you want is a true %ENV value (such as > > those from PerlPassEnv), you will not be able to get to it via > > $r->subprocess_env(). > > > > > Any ideas? Thanks! > > > > HTH > > > > --Geoff > > > > > > >