Hey all --
So, I might be a bit crazy here, and there might be a perfectly good way to
do this that I'm not aware of, and my searches aren't returning anything
useful. Hitting me with a clue-stick is quite welcome. :-)
I'm working on a site where all of the users already have SSL certs
identifying themselves installed in their browser (for a different site,
same project). I'd like to have Apache handle the messy SSL bits, and
Apache already provides me with the directives needed to do this, including
authenticating the cert by checking the its signature against the signer's
CA. Apache also provides a whole slew of environment variables, on a
per-request basis, for exactly this. [1] I'm then planning on examining
what of the authentication modules I can steal^H^H^H^H^Hliberate to do
client authentication based on what apache is saying. I'm using mod_fcgid
as that's what is packaged with Fedora.
These variables don't seem to be passed on through to the app.
My questions:
1) Is there a way I can get at these SSL_* environment varialbes, on a
per-request basis, from my app?
2) It looks to me like the only sane way to do this is to patch
mod_fcgid to pass the SSL_* vars through as headers. (e.g.
SSL_CLIENT_VERIFY becomes x-ssl_client_verify -- and does the whole
"prepend x-" seem sane?) (This works, and I have such a patch.)
3) ...or, maybe, use some mod_rewrite incantation that's eluded me so far,
though I'm unsure mod_fcgid passes env variables through at all.
4) Is there something I'm missing/overlooking here? Does
Catalyst::Engine::FastCGI stash the passed %env somewhere? Or is there some
other way I can get at it?
Thanks-
-Chris
[1] http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#envvars
--
Chris Weyl
Ex astris, scientia
_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
