Gunnar Vestergaard wrote:
> My goal is to let visitors of my web site authenticate themselves to
> my web server using some certificate, possibly S/MIME certificates.
> As I understand the documentation for PHP, there is no means whereby
> PHP can read and interpret an SSL client certificate. Is that correct?
It's possible to configure Apache 2 to add the client certificate to a
request header. From one of my configuration files:
RewriteCond ${ESC:%{SSL:SSL_CLIENT_CERT}} \
^.*(-----BEGIN%20(X509%20|TRUSTED%20|)CERTIFICATE-----(%0[Dd])?%0[Aa].*%0[Aa]-----END%20\2CERTIFICATE-----(%0[Dd])?%0[Aa]).*$
RewriteRule ^.*$ - [E=CLIENT_CERT:%1]
RequestHeader unset L-ClientCert
RequestHeader set L-ClientCert %{CLIENT_CERT}e env=CLIENT_CERT
The certificate is %-encoded to avoid problems with newline characters.
Presumably PHP can use the string in the header to match the
certificate against a list of known certificates.
The certificate digest would be less unwieldy than the entire
certificate, but mod_ssl would need some simple changes to make the
digest available and I would be reluctant to use a hosting provider who
allowed customers to use a modified mod_ssl.
Dave Sparks
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager [EMAIL PROTECTED]