Re: mod_ssl environment variables
On Fri, Jan 14, 2005 at 04:48:09PM -0500, Jason Kaskel wrote: > This is technically both a mod_perl and mod_ssl question. Maybe I > should harass their mailing list too. > > I have a PerlAccessHandler that needs to access certificate > information. According to what I've read the environment isn't loaded > with this information until the fixup phase which occurs right before > the response phase (and well after the access phase). Is there any > other way for me to access certificate information this early in the > Apache process (specifically the data that gets loaded into > SSL_CLIENT_S_DN_CN)? Failing that is there a way for me to force the > fixup phase to occur before the access phase? With the mod_ssl in httpd 2.0, you can do this using Geoff Young's Apache::SSLLookup module, which extracts variables directly from mod_ssl rather than going through the environment table: http://search.cpan.org/~geoff/Apache-SSLLookup-2.00_02/ Regards, joe __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: mod_ssl environment variables
You can try something like ... # Get SSL variables into subprocess... my $subr = $r->lookup_uri( $r->uri() ); # Get serial and issuer my $serial = $subr->subprocess_env('SSL_CLIENT_M_SERIAL') || ""; my $issuer_slashes = $subr->subprocess_env('SSL_CLIENT_I_DN') || ""; Hope that works. Regards Matt --- Jason Kaskel <[EMAIL PROTECTED]> wrote: > This is technically both a mod_perl and mod_ssl > question. Maybe I > should harass their mailing list too. > > I have a PerlAccessHandler that needs to access > certificate > information. According to what I've read the > environment isn't loaded > with this information until the fixup phase which > occurs right before > the response phase (and well after the access > phase). Is there any > other way for me to access certificate information > this early in the > Apache process (specifically the data that gets > loaded into > SSL_CLIENT_S_DN_CN)? Failing that is there a way > for me to force the > fixup phase to occur before the access phase? > > Thanks for any help! > > -Jason > [EMAIL PROTECTED] > > __ > Apache Interface to OpenSSL (mod_ssl) >www.modssl.org > User Support Mailing List > modssl-users@modssl.org > Automated List Manager > [EMAIL PROTECTED] > __ Do you Yahoo!? Yahoo! Mail - Helps protect you from nasty viruses. http://promotions.yahoo.com/new_mail __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]