Then maybe you should write a module to persist the cert contained in the
variable.
Or look at the perl:soaplite stuff for your deployed service.
Adam
-----Original Message-----
From: Irfan Mohammed [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 25, 2001 12:43 AM
To: '[EMAIL PROTECTED]'
Cc: '[EMAIL PROTECTED]'
Subject: RE: SOAP, SSL and Certificates
What happens when you have multiple requests coming in. The environment
variables may be overwritten by the time the java program has a chance to
call the c program through jni.
Im guessing apache overwrites the environment variables each time a new
client certificate is received, so there is no guarantee of thread
safe-ness.
Irfan
-----Original Message-----
From: Adam.Leggett [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 9:25 AM
To: '[EMAIL PROTECTED]'
Subject: RE: SOAP, SSL and Certificates
I know in mod_ssl an authenticated client cert is available as an
environment variable $SSL_CLIENT_CERT.
You could inspect this with a perl script maybe or something in C and use
JNI to get at it.
Not tried this, but i guess it might work.
-----Original Message-----
From: Irfan Mohammed [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 5:23 PM
To: '[EMAIL PROTECTED]'
Subject: SOAP, SSL and Certificates
This question may not be specific to SOAP but I am hoping somebody may know
the answer to this. Is there anyway to gain access to a client certificate
in a web service method (on the server) after the client and server are
mutually authenticated. Basically the client sends an ID as a parameter to
the service. This id is used to an identifier for various house keeping
operations. However the client may send an invalid ID. However bu gaining
access to the certificate and hence the public key of the client the client
can be uniquely identified. The question is whether this is possible in a
web service method.
Thanks
Irfan
