Re: mod_ssl environment variables

2005-01-17 Thread Joe Orton 
On Fri, Jan 14, 2005 at 04:48:09PM -0500, Jason Kaskel wrote:
> This is technically both a mod_perl and mod_ssl question. Maybe I 
> should harass their mailing list too.
> 
> I have a PerlAccessHandler that needs to access certificate 
> information.  According to what I've read the environment isn't loaded 
> with this information until the fixup phase which occurs right before 
> the response phase (and well after the access phase).  Is there any 
> other way for me to access certificate information this early in the 
> Apache process (specifically the data that gets loaded into 
> SSL_CLIENT_S_DN_CN)?  Failing that is there a way for me to force the 
> fixup phase to occur before the access phase?

With the mod_ssl in httpd 2.0, you can do this using Geoff Young's
Apache::SSLLookup module, which extracts variables directly from mod_ssl
rather than going through the environment table:

http://search.cpan.org/~geoff/Apache-SSLLookup-2.00_02/

Regards,

joe
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]

Re: mod_ssl environment variables

2005-01-17 Thread Matt Stevenson 
You can try something like ...


  # Get SSL variables into subprocess...
  my $subr = $r->lookup_uri( $r->uri() );

  # Get serial and issuer
  my $serial =
$subr->subprocess_env('SSL_CLIENT_M_SERIAL') || "";
  my $issuer_slashes =
$subr->subprocess_env('SSL_CLIENT_I_DN') || "";

Hope that works.

Regards
Matt

--- Jason Kaskel <[EMAIL PROTECTED]> wrote:

> This is technically both a mod_perl and mod_ssl
> question. Maybe I 
> should harass their mailing list too.
> 
> I have a PerlAccessHandler that needs to access
> certificate 
> information.  According to what I've read the
> environment isn't loaded 
> with this information until the fixup phase which
> occurs right before 
> the response phase (and well after the access
> phase).  Is there any 
> other way for me to access certificate information
> this early in the 
> Apache process (specifically the data that gets
> loaded into 
> SSL_CLIENT_S_DN_CN)?  Failing that is there a way
> for me to force the 
> fixup phase to occur before the access phase?
> 
> Thanks for any help!
> 
> -Jason
> [EMAIL PROTECTED]
> 
>
__
> Apache Interface to OpenSSL (mod_ssl)   
>www.modssl.org
> User Support Mailing List 
> modssl-users@modssl.org
> Automated List Manager   
> [EMAIL PROTECTED]
> 




__ 
Do you Yahoo!? 
Yahoo! Mail - Helps protect you from nasty viruses. 
http://promotions.yahoo.com/new_mail
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]