On 2012-06-26 19:56, oh...@cox.net wrote:
You cannot wait until mod_ssl runs its fixups, you have to hook one of
the hooks that execute earlier than webgate's check_user_id or
auth_checker. (You have to hook one of the hooks (1)-(4).) There, in
your hook, you have to get yourself the values of the server
certificates, client certificate, etc., everything that mod_ssl would
have given you, but too late.
"

I guess that what I'm seeing is exactly what you said would happen, i.e., my
check_user_id hook function is being called, but none of the SSL vars are
populated (since, as you said, mod_ssl doesn't populate them until the fixup
phase).

What mechanisms/methods could I use to get those SSL vars ("you have to get yourself
the values of the server certificates, client certificate, etc.") at this point?

I don't know, unfortunately. Have a look at the sources (modules/ssl/ssl_engine_kernel.c, ssl_hook_Fixup) to see how mod_ssl does it.

Apparently mod_ssl uses ssl_var_lookup defined in ssl_engine_vars.c. Maybe you can use it in check_user_id already.

Sorin
