On Wed, May 17, 2000 at 12:58:21PM -0700, Paul wrote: > Hi, all. Sorry if I spammed anybody while trying to join the list. =o) > > I'm upgrading from an *old* NetScape server to Apache/1.3.12 (Unix) > with mod_perl/1.23, mod_ssl/2.6.4, and OpenSSL/0.9.5a so that we can > use DigiCerts. We have *lots* of scripts (in various languages) > expecting REMOTE_USER, and were going to have the PerlFixupHandler > populate it from a DBM database of id's, using certificate serial > numbers as keys (and set a cookie to avoid redundant disk accesses), > but I can't figure out how to get the serial number. > You might want to take a look at SSLOptions +FakeBasicAuth (see http://www.modssl.org/docs/2.6/ssl_reference.html#ToC21) which will set REMOTE_USER to the subject of the client certificate. > It's not in the handler's %ENV unless I PerlPassEnv > SSL_CLIENT_M_SERIAL, which comes through empty, even though the CGI > environment gets it later. Should I use something other than > $ENV{SSL_CLIENT_M_SERIAL} and $r->subprocess_env('SSL_CLIENT_M_SERIAL')? > This is either because you do not have SSLOptions +StdEnvVars. The default is: <Files ~ "\.(cgi|shtml)$"> SSLOptions +StdEnvVars </Files> <Directory "/usr/local/httpd/cgi-bin"> SSLOptions +StdEnvVars </Directory> Alternatively your problem may be that the variable isn't available at the time of the request when it hits mod_perl. Some of the people on the mod_perl list use mod_ssl and might be able to help. vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
