Hi all,
For a while we've been relying on our load balancers to terminate SSL
for us, and place details of client certs into HTTP headers before
passing a connection backwards (through a further SSL protected
connection).
We're in a situation where we want to use httpd instead of a load
balancer for this, and I've noticed that we can't place cert
parameters into headers like the load balancer can, but are rather
limited to placing the information into the CGI environment only.
Being extensible, ideally we should have a hook which is called that
takes the SSL parameters, and then offer default implementations that
insert the information into the CGI environment, and insert the
information into the request headers, or any other possible
implementation as the admin requires it in some external module.
Most specifically, if SSLOptions +StdEnvVars is specified, the hook
gets called with the data, and an implementation writes them to the
subprocess environment, or headers_in, as appropriate (and as
configured).
Regards,
Graham
--
- mod_ssl: inserting cert parameters into headers Graham Leggett
-