Hello,
I'm trying to get access to the SSL client certificate from within an
access script that I have set using WSGIAccessScript. In my apache
config in a <Directory> section I have:
<Directory /var/www/pub>
AuthBasicAuthoritative Off
Require valid-user
AuthType Basic
AuthBasicProvider wsgi
AuthName Fooey
WSGIAccessScript /home/jslagle/devel/access.wsgi
WSGIPassApacheRequest On
SSLRequireSSL
SSLVerifyClient optional
SSLVerifyDepth 2
SSLOptions +StdEnvVars +ExportCertData
</Directory>
I've followed the instructions from
http://groups.google.com/group/modwsgi/msg/bb09074dbb3246c7.
I downloaded and installed the ssl_engine_vars.tar.gz tarball, and in
my access.wsgi script I have:
#!/usr/bin/python
import ssl_engine_vars
def allow_access(environ, host):
request_rec = environ['apache.request_rec']
cert = ssl_engine_vars.var_lookup(request_rec, "SSL_CLIENT_CERT")
# Do some cert validation
return True
The problem is that cert is always coming back as empty string in
access.wsgi. I know that the client is sending a cert because if I
make the same request and instead use a mod_python
PythonAuthenHandler, or use a mod_wsgi application with
WSGIScriptAlias, I can get access to the client certificate.
Is there another way to get a client certificate from an access script
or am I missing a configuration? Any help would be appreciated.
Thanks.
--
You received this message because you are subscribed to the Google Groups
"modwsgi" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/modwsgi?hl=en.
