They're all in a hashref here: $c->engine->env
        Mark

Chris Weyl wrote:
Hey all --

So, I might be a bit crazy here, and there might be a perfectly good way to do this that I'm not aware of, and my searches aren't returning anything useful. Hitting me with a clue-stick is quite welcome. :-)

I'm working on a site where all of the users already have SSL certs identifying themselves installed in their browser (for a different site, same project). I'd like to have Apache handle the messy SSL bits, and Apache already provides me with the directives needed to do this, including authenticating the cert by checking the its signature against the signer's CA. Apache also provides a whole slew of environment variables, on a per-request basis, for exactly this. [1] I'm then planning on examining what of the authentication modules I can steal^H^H^H^H^Hliberate to do client authentication based on what apache is saying. I'm using mod_fcgid as that's what is packaged with Fedora.

These variables don't seem to be passed on through to the app.

My questions:

1) Is there a way I can get at these SSL_* environment varialbes, on a per-request basis, from my app?
2) It looks to me like the only sane way to do this is to patch
mod_fcgid to pass the SSL_* vars through as headers.  (e.g.
SSL_CLIENT_VERIFY becomes x-ssl_client_verify -- and does the whole
"prepend x-" seem sane?)  (This works, and I have such a patch.)
3) ...or, maybe, use some mod_rewrite incantation that's eluded me so far, though I'm unsure mod_fcgid passes env variables through at all. 4) Is there something I'm missing/overlooking here? Does Catalyst::Engine::FastCGI stash the passed %env somewhere? Or is there some other way I can get at it?

Thanks-
                                       -Chris

[1] http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#envvars

--
Chris Weyl
Ex astris, scientia


------------------------------------------------------------------------

_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/

Reply via email to