This is technically both a mod_perl and mod_ssl question. Maybe I
should harass their mailing list too.

I have a PerlAccessHandler that needs to access certificate
information. According to what I've read the environment isn't loaded
with this information until the fixup phase which occurs right before
the response phase (and well after the access phase). Is there any
other way for me to access certificate information this early in the
Apache process (specifically the data that gets loaded into
SSL_CLIENT_S_DN_CN)? Failing that is there a way for me to force the
fixup phase to occur before the access phase?

Thanks for any help!

-Jason
kaskel [at] ccs.nrl.navy.mil

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org

You can try something like ...


# Get SSL variables into subprocess...
my $subr = $r->lookup_uri( $r->uri() );

# Get serial and issuer
my $serial =
$subr->subprocess_env('SSL_CLIENT_M_SERIAL') || "";
my $issuer_slashes =
$subr->subprocess_env('SSL_CLIENT_I_DN') || "";

Hope that works.

Regards
Matt

--- Jason Kaskel <kaskel [at] ccs.nrl.navy.mil> wrote:

> This is technically both a mod_perl and mod_ssl
> question. Maybe I
> should harass their mailing list too.
>
> I have a PerlAccessHandler that needs to access
> certificate
> information. According to what I've read the
> environment isn't loaded
> with this information until the fixup phase which
> occurs right before
> the response phase (and well after the access
> phase). Is there any
> other way for me to access certificate information
> this early in the
> Apache process (specifically the data that gets
> loaded into
> SSL_CLIENT_S_DN_CN)? Failing that is there a way
> for me to force the
> fixup phase to occur before the access phase?
>
> Thanks for any help!
>
> -Jason
> kaskel [at] ccs.nrl.navy.mil
>
>
____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> User Support Mailing List
> modssl-users [at] modssl.org
> Automated List Manager
> majordomo [at] modssl.org
>




__________________________________
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
http://promotions.yahoo.com/new_mail
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org

On Fri, Jan 14, 2005 at 04:48:09PM -0500, Jason Kaskel wrote:
> This is technically both a mod_perl and mod_ssl question. Maybe I
> should harass their mailing list too.
>
> I have a PerlAccessHandler that needs to access certificate
> information. According to what I've read the environment isn't loaded
> with this information until the fixup phase which occurs right before
> the response phase (and well after the access phase). Is there any
> other way for me to access certificate information this early in the
> Apache process (specifically the data that gets loaded into
> SSL_CLIENT_S_DN_CN)? Failing that is there a way for me to force the
> fixup phase to occur before the access phase?

With the mod_ssl in httpd 2.0, you can do this using Geoff Young's
Apache::SSLLookup module, which extracts variables directly from mod_ssl
rather than going through the environment table:

http://search.cpan.org/~geoff/Apache-SSLLookup-2.00_02/

Regards,

joe
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org