> > but I can't figure out how to get the serial number. > You might want to take a look at SSLOptions +FakeBasicAuth (see > http://www.modssl.org/docs/2.6/ssl_reference.html#ToC21) which will > set REMOTE_USER to the subject of the client certificate. I did set it, and still got nothing (but see below). Also, our company is big enough that there's almost certain to be some non-unique names. I have to differentiate. > > It's not in the handler's %ENV unless I PerlPassEnv > > SSL_CLIENT_M_SERIAL, which comes through empty, even though the CGI > > environment gets it later. Should I use something other than > > $ENV{...} and $r->subprocess_env(...)? > This is either because you do not have SSLOptions +StdEnvVars..... It's set also. I did so both globally, and in the directory in question. No effect. > Alternatively your problem may be that the variable isn't available > at the time of the request when it hits mod_perl. Some of the people > on the mod_perl list use mod_ssl and might be able to help. Apparently %ENV isn't populated until the response phase unless you PerlPassEnv, but that didn't work either. I added SSLVerifyClient require SSLRequireSSL to a <Location> section, and then $r->subprocess_env(...) found them, but now I'm still having the same problem with cookies. =o) Another related question: is there a way (such as setting $c->user($name) on a connection object) to get the browser to correctly populates the username on subsequest calls? ....though I think maybe these are mod_perl questions, and not ssl? Paul ---- "There is nothing at last sacred but the integrity of your own mind." -- the *Reverend* Ralph Waldo Emerson. __________________________________________________ Do You Yahoo!? Send instant messages & get email alerts with Yahoo! Messenger. http://im.yahoo.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
