In article <[EMAIL PROTECTED]> you wrote: > [see the "Linux -- Strongly Advise Against..." message for the ssh > patch, sorry] > > Ok, now here's my question to the OpenSSL list, since I know Ralf and > Ben read it. Where should I go to look for/talk about how I may patch > mod_ssl to overwrite the REMOTE_USER environment variable with the value > of SSL_CLIENT_S_DN_CN if I turn on an option, let's call it > +SSLRemoteUser, for a Location element? I would like to make mod_ssl / > ApacheSSL act in a fashion that lets Apache Jserv users transparently > create sessions based on the contents of a user's DN_CN, and the Servlet > API only specifies that servers ought to jam this information into the > value retrieved by req.getRemoteUser(). So I went to the bookstore and > bought the Apache module book, but it's still unclear to me where I need > to start. I have programmed in C/C++ off and on for two years so it's > more a matter of guidance than syntax. Anyways, any assistance would be > greatly appreciated because this will then let the Java-Apache project > "Dash" able to use client-side SSL yet remain server-independent. > > I sent Ralf an email and looked for a mod_ssl developer list of some > sort, as well, but neither has been fruitful yet. Any help will be much > appreciated (and ought to make it into mod_ssl 2.3.x with any luck). When you really want to patch this into mod_ssl you can insert it into ssl_hook_Auth() where similar things are already done for the faked Basic Auth facility. OTOH you can also write a stand-alone mod_foobar.c which creates such variables in it's own API auth hook. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
