Dave Sparks
Mon, 22 Sep 2008 03:39:19 -0700
Gunnar Vestergaard wrote:
> My goal is to let visitors of my web site authenticate themselves to
> my web server using some certificate, possibly S/MIME certificates.
> As I understand the documentation for PHP, there is no means whereby
> PHP can read and interpret an SSL client certificate. Is that correct?

It's possible to configure Apache 2 to add the client certificate to a request header. From one of my configuration files:
RewriteCond ${ESC:%{SSL:SSL_CLIENT_CERT}} \
^.*(-----BEGIN%20(X509%20|TRUSTED%20|)CERTIFICATE-----(%0[Dd])?%0[Aa].*%0[Aa]-----END%20\2CERTIFICATE-----(%0[Dd])?%0[Aa]).*$
RewriteRule ^.*$ - [E=CLIENT_CERT:%1]
RequestHeader unset L-ClientCert
RequestHeader set L-ClientCert %{CLIENT_CERT}e env=CLIENT_CERT
The certificate is %-encoded to avoid problems with newline characters.
Presumably PHP can use the string in the header to match the
certificate against a list of known certificates.
The certificate digest would be less unwieldy than the entire certificate, but mod_ssl would need some simple changes to make the digest available and I would be reluctant to use a hosting provider who allowed customers to use a modified mod_ssl.
Dave Sparks
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager [EMAIL PROTECTED]
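
An added example, not part of the original post: one way the PHP side could decode the %-encoded header and match the certificate against a list of known SHA-256 digests. It assumes the header holds a plain `CERTIFICATE` PEM block and that PHP sees it as `$_SERVER['HTTP_L_CLIENTCERT']`; the function names, the allow-list and the sample bytes are constructed for illustration.

```php
<?php
// Added example (not from the original post). Assumes the Apache config above
// has put the %-encoded PEM into the L-ClientCert request header.

/** Return the SHA-256 hex digest of the DER certificate, or null if malformed. */
function cert_fingerprint_from_header(string $headerValue): ?string
{
    // rawurldecode(), not urldecode(): '+' is a base64 character and must stay '+'.
    $pem = rawurldecode($headerValue);
    $re = '/-----BEGIN CERTIFICATE-----\r?\n([A-Za-z0-9+\/=\r\n]+?)\r?\n-----END CERTIFICATE-----/';
    if (!preg_match($re, $pem, $m)) {
        return null;
    }
    $der = base64_decode(preg_replace('/\s+/', '', $m[1]), true);
    if ($der === false || $der === '') {
        return null;
    }
    return hash('sha256', $der);
}

/** True only if the header carries a certificate whose digest is on the allow-list. */
function is_known_client(?string $headerValue, array $allowedFingerprints): bool
{
    $fp = $headerValue === null ? null : cert_fingerprint_from_header($headerValue);
    if ($fp === null) {
        return false;
    }
    foreach ($allowedFingerprints as $known) {
        // hash_equals() compares in constant time.
        if (hash_equals(strtolower($known), $fp)) {
            return true;
        }
    }
    return false;
}

// Constructed sample: placeholder bytes standing in for a DER certificate.
$fakeDer = str_repeat("\x30\x82\x01\x0a", 40);
$pem     = "-----BEGIN CERTIFICATE-----\n"
         . chunk_split(base64_encode($fakeDer), 64, "\n")
         . "-----END CERTIFICATE-----\n";
$header  = rawurlencode($pem);            // stands in for $_SERVER['HTTP_L_CLIENTCERT']
$allowed = [hash('sha256', $fakeDer)];    // hypothetical allow-list of known digests

var_dump(is_known_client($header, $allowed));              // known certificate
var_dump(is_known_client($header, [str_repeat('0', 64)])); // digest not on the list
var_dump(is_known_client('not-a-certificate', $allowed));  // malformed header
```

The header value can be trusted only because the configuration runs `RequestHeader unset L-ClientCert` before setting it, so a copy supplied by the client never reaches PHP; the check is meaningless on any path that bypasses that configuration.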