---- Ben Noordhuis <i...@bnoordhuis.nl> wrote: > On Sun, Jun 17, 2012 at 9:46 PM, <oh...@cox.net> wrote: > > Hi, > > > > I am starting to look into implementing an Apache module that can use > > information from an incoming request, including several headers and the > > subject string from a client certificate to do authentication. > > > > I've been looking at the source for mod_auth_certificate, from > > https://modules.apache.org/, as a starting point. > > > > However, it looks like the way that mod_auth_certificate works is that it > > requires that there's an SSLUserName directive to put the client > > certificate DN into the Apache REMOTE_USER attribute, whereas I need the > > entire PEM for the client cert to do authentication that I'm trying to do. > > > > So I was wondering if it's possible for a module to access the > > SSL_CLIENT_S_DN and SSL_CLIENT_CERT environment variables, and if so, how? > > They should be set in r->subprocess_env provided `SSLOptions > +StdEnvVars +ExportCertData` is set in the server or per-directory > config. > > > Also, as mentioned my module would need to access several HTTP headers that > > are in the incoming requests. How can it do that? > > Look them up with `apr_table_get(r->headers_in, "X-Header-Name")`.
Ben, Thanks. I'll give those a try. We already the SSLOptions set as you mentioned, so assuming that I can figure out the coding (it's been a long time since I've done C/C++), that should work :)... Jim
