Try this to access the SSL server variables: %{LA-U:ENV:SSL_CLIENT_S_DN}
Brilliant! Many thanks - that seems to work perfectly.
Not something I'd have guessed, either. In the words of Brian Moore ... "Damned cool voodoo, but still voodoo"
-- James
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Collier
Sent: Monday, July 28, 2003 4:18 AM
To: [EMAIL PROTECTED]
Subject: Re: Apache2: mod_rewrite and mod_ssl interaction changed?
Joe Orton wrote:
On Mon, Jul 28, 2003 at 10:09:49PM +1200, James Collier wrote:
I am in the process of upgrading a site from 1.3.x to 2.0.47, and have encountered a (perhaps obscure) problem.
For mod_rewrite I sometimes need to extract and/or test client certificate field values.
Under 1.3.27/2.8.14 and earlier I could use - (at virtual host level):
===================
SSLEngine on
...
SSLVerifyClient Require
SSLOptions +StdEnvVars +StrictRequire
...
RewriteEngine on
RewriteLogLevel 9
...
RewriteCond %{LA_U:SSL_CLIENT_S_DN} (..*)
====================
As of Apache 2, the rewrite log shows that the SSL_X environment variables (and the HTTPS variable) are not being set during the lookahead.
Can anyone think what might have changed that would cause this? e.g. any changes in the ssl fixup-phase hook handler and sub-request handling?
Yes, a few people have reported this problem... the mod_ssl fixup handler is running too late to be useful like this in 2.0: you should be able to fix it as below:
Index: mod_ssl.c
===================================================================
RCS file: /store/cvs/root/httpd-2.0/modules/ssl/mod_ssl.c,v
retrieving revision 1.86
diff -u -r1.86 mod_ssl.c
--- mod_ssl.c 24 Jun 2003 21:40:32 -0000 1.86
+++ mod_ssl.c 28 Jul 2003 10:17:26 -0000
@@ -508,7 +508,7 @@
ap_hook_child_init (ssl_init_Child,
NULL,NULL, APR_HOOK_MIDDLE);
ap_hook_translate_name(ssl_hook_Translate,
NULL,NULL, APR_HOOK_MIDDLE);
ap_hook_check_user_id (ssl_hook_UserCheck,
NULL,NULL, APR_HOOK_FIRST);
- ap_hook_fixups (ssl_hook_Fixup,
NULL,NULL, APR_HOOK_MIDDLE);
+ ap_hook_fixups (ssl_hook_Fixup,
NULL,NULL, APR_HOOK_REALLY_FIRST);
ap_hook_access_checker(ssl_hook_Access,
NULL,NULL, APR_HOOK_MIDDLE);
ap_hook_auth_checker (ssl_hook_Auth,
NULL,NULL, APR_HOOK_MIDDLE);
ap_hook_post_read_request(ssl_hook_ReadReq,
NULL,NULL, APR_HOOK_MIDDLE);
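Review bot: the changed ap_hook_fixups registration for ssl_hook_Fixup swaps only the ordering constant to APR_HOOK_REALLY_FIRST and still passes NULL,NULL for the predecessor and successor lists, with no comment saying which module's fixup it has to run ahead of. If the intent is for the SSL_* variables to be set before mod_rewrite evaluates its lookahead, say so in a comment above this line and consider naming that module in the successor list, since REALLY_FIRST can be claimed by other modules too and gives no guaranteed order among them. The reply that follows in this thread reports that the change did not resolve the problem, so the assumption that fixup ordering is the cause should be confirmed before this is committed.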
Many thanks for the quick response, Joe.
I have applied the proposed patch, but unfortunately it does not seem to have fixed the problem.
I will investigate further and report back.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
User Support Mailing List
[EMAIL PROTECTED]
Automated List Manager
[EMAIL PROTECTED]