Re: SSL session id?

lena . lindstrom Wed, 19 May 1999 03:51:52 -0700







[EMAIL PROTECTED] on 99-05-17 17:31:40

Please respond to [EMAIL PROTECTED]

To:   [EMAIL PROTECTED]
cc:    (bcc: Lena Lindstr�m/OMT/OMGROUP)
Subject:  Re: SSL session id?



"Ralf S. Engelschall" <[EMAIL PROTECTED]> writes:

> On Mon, May 17, 1999, [EMAIL PROTECTED] wrote:
>
> > Is it possible to get the SSL session id
> > for further handling in my servlet?
> >
> > In the ssl_engine_log I can see the
> > request with [info] Connection: Client IP: xx.xx.xx.xx...
> > Is it possible to send this session information
> > to my servlet for further handling?
> >
> > I have the mod_jserv installed and would like
> > to get some session information to my
> > java servlet that I can handle my client authorization.
> >
> > Tricky questions for me, but perhaps easy for
> > someone else :)
>
> I've never used mod_jserv myself and do not know it's code. But per default
> you cannot get the session id (and I see no real reason why you should), but

So other modules can use the SSL Session ID as a key into their own session
data hash table. I brought this up a month or so ago.

> with two or three EAPI-related lines in mod_jserv and mod_ssl you could
> retrieve this information from mod_ssl, I think.

I'll try to post a patch for this...

-Tom

--
Tom Vaughan <tvaughan at aventail dot com>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]






I would really like to get that patch if possible. I have found out how to set
      an environment

variable in jserv_ajpv11.c (ajpv11_handler) which is the connection between the
      web server

and the java extension (servlet). I use the ap_table_addn() function and create
      a dummy

environment variable that reaches my servlet. Fine.



I am still confused about how to get the SSL->session->session_id from there. I
      tried to

get the information in the different routines that use SSL in
      ssl_engine_kernel.c. Unfortunately

all SSL information is empty (NULL) and I hoped to find the session_id from
      there and

set the environment to the request, but no luck.



Does anyone have any more hints how to proceed in the matter?



/Lena


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
Re: SSL session id?

Reply via email to
