On Sun, Jun 17, 2012 at 9:46 PM, <oh...@cox.net> wrote: > Hi, > > I am starting to look into implementing an Apache module that can use > information from an incoming request, including several headers and the > subject string from a client certificate to do authentication. > > I've been looking at the source for mod_auth_certificate, from > https://modules.apache.org/, as a starting point. > > However, it looks like the way that mod_auth_certificate works is that it > requires that there's an SSLUserName directive to put the client certificate > DN into the Apache REMOTE_USER attribute, whereas I need the entire PEM for > the client cert to do authentication that I'm trying to do. > > So I was wondering if it's possible for a module to access the > SSL_CLIENT_S_DN and SSL_CLIENT_CERT environment variables, and if so, how?
They should be set in r->subprocess_env provided `SSLOptions +StdEnvVars +ExportCertData` is set in the server or per-directory config. > Also, as mentioned my module would need to access several HTTP headers that > are in the incoming requests. How can it do that? Look them up with `apr_table_get(r->headers_in, "X-Header-Name")`.