All, I am trying to configure Apache so that it can pass the SSL_CLIENT_CERT to my back-end code. I can do this fine, but I have an additional requirement that, I do not want Apache to do the SSL authentication, but I want to pass the SSL_CLIENT_CERT to the back-end always and I want the back-end to do the authentication of the client certificate. I am seeing that whenever I configure Apache with 'SSLVerifyClient optional', if I send a unauthorized client certificate, my back-end never gets this information, as mod_ssl terminates the connection at the Apache level itself. Is there some way, by which I can have 'SSLVerifyClient optional', but still not do the authentication at the Apache level?
Thanks Praveen
