Try this to access the SSl server variables:
%{LA-U:ENV:SSL_CLIENT_S_DN}
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of James Collier
> > Sent: Monday, July 28, 2003 4:18 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Apache2: mod_rewrite and mod_ssl interaction changed?
> >
> >
> > Joe Orton wrote:
> > > On Mon, Jul 28, 2003 at 10:09:49PM +1200, James Collier wrote:
> > >
> > >>I am in the process of upgrading a site from 1.3.x to
> > 2.0.47, and have
> > >>encountered a (perhaps obscure) problem.
> > >>
> > >>For mod_rewrite I sometimes need to extract and/or test client
> > >>certificate field values.
> > >>
> > >>Under 1.3.27/2.8.14 and earlier I could use - (at virtual
> > host level):
> > >>
> > >>===================
> > >>
> > >>SSLEngine on
> > >>...
> > >>SSLVerifyClientRequire
> > >>SSLOptions +StdEnvVars +StrictRequire
> > >>...
> > >>RewriteEngine on
> > >>RewriteLogLevel 9
> > >>...
> > >>RewriteCond %{LA_U:SSL_CLIENT_S_DN} (..*)
> > >>
> > >>====================
> > >>
> > >>As of apache 2, the rewrite log shows that the SSL_X environment
> > >>variables (and the HTTPS variable) are not being set during
> > the lookahead.
> > >>
> > >>Can anyone think what might have changed that would cause
> > this? e.g. any
> > >>changes in the ssl fixup-phase hook handler and sub-request
> > handling?
> > >
> > >
> > > Yes, a few people have reported this problem... the mod_ssl fixup
> > > handler is running to late to be useful like this in 2.0:
> > you should be
> > > able to fix it as below:
> > >
> > > Index: mod_ssl.c
> > >
> ===================================================================
> > > RCS file: /store/cvs/root/httpd-2.0/modules/ssl/mod_ssl.c,v
> > > retrieving revision 1.86
> > > diff -u -r1.86 mod_ssl.c
> > > --- mod_ssl.c 24 Jun 2003 21:40:32 -0000 1.86
> > > +++ mod_ssl.c 28 Jul 2003 10:17:26 -0000
> > > @@ -508,7 +508,7 @@
> > > ap_hook_child_init (ssl_init_Child,
> > NULL,NULL, APR_HOOK_MIDDLE);
> > > ap_hook_translate_name(ssl_hook_Translate,
> > NULL,NULL, APR_HOOK_MIDDLE);
> > > ap_hook_check_user_id (ssl_hook_UserCheck,
> > NULL,NULL, APR_HOOK_FIRST);
> > > - ap_hook_fixups (ssl_hook_Fixup,
> > NULL,NULL, APR_HOOK_MIDDLE);
> > > + ap_hook_fixups (ssl_hook_Fixup,
> > NULL,NULL, APR_HOOK_REALLY_FIRST);
> > > ap_hook_access_checker(ssl_hook_Access,
> > NULL,NULL, APR_HOOK_MIDDLE);
> > > ap_hook_auth_checker (ssl_hook_Auth,
> > NULL,NULL, APR_HOOK_MIDDLE);
> > > ap_hook_post_read_request(ssl_hook_ReadReq,
> > NULL,NULL, APR_HOOK_MIDDLE);
> > >
> > >
> > >
> >
> ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)
> > www.modssl.org
> > > User Support Mailing List
> > [EMAIL PROTECTED]
> > > Automated List Manager
> > [EMAIL PROTECTED]
> >
> > Many thanks for the quick response, Joe.
> >
> > I have applied the proposed patch, but unfortunately it does
> > not seem to
> > have fixed the problem.
> >
> > I will investigate further and report back.
> >
> >
> ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> > User Support Mailing List
> [EMAIL PROTECTED]
> > Automated List Manager
> [EMAIL PROTECTED]
> >
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
