httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From nicolas.villoutr...@accenture.com
Subject RE : [users@httpd] RE : [users@httpd] Forwarding client Certficates from mod_ssl to a distant mod_jk through HTTPHeaders.
Date Tue, 02 Mar 2004 11:05:12 GMT
Hi Jo,
thanks a lot for your fix : (http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23223)
It is working perfectly, i have now the client certificate passed from one server to another
through an HTTP Header.
 
                   Apache                            -------->   Apache   --------->
  Tomcat
 (mod_ssl, mod_headers, mod_proxy)                (mod_jk)             (servlet can read the
client certificate)
 
I have just a small probleme remaining, i do get the client certificate as an environment
variable from the RequestHeader:  
HTTP_SSL_CLIENT_CERT="-----BEGIN CERTIFICATE----- MIICqTCCAhICAQIwDQYJKoZIhvcNAQEEBQAwgbAxCzAJBgNVBAYTAkZSMQwwCgYD
VQQ
 
But mod_jk expects an environment variable named SSL_CLIENT_CERT,
is there an easy way to rename or create this new variable using the content of the first
variable,
i tried : SetEnv SSL_CLIENT_CERT %{HTTP_SSL_CLIENT_CERT}e
           SetEnv SSL_CLIENT_CERT %{HTTP_SSL_CLIENT_CERT}
           SetEnv SSL_CLIENT_CERT ${HTTP_SSL_CLIENT_CERT}
 
but it does not work.
 
I saw you post an other fix : http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/metadata/mod_headers.c?r1=1.49&r2=1.50
In what way is it better than the first one? Is it because you do not have to tell mod_ssl
to export variables?
 
Thanks a lot Joe, i hope some day i will be able to write some fix to apache like you did,

in the meantime, i will try to test and post some questions to improve the whole stuff.
 
Cheers,
Nicolas.
 
 
 
 
 
 
 

	-------- Message d'origine-------- 
	De: Joe Orton [mailto:jorton@redhat.com] 
	Date: ven. 27/02/2004 21:11 
	À: Villoutreix, Nicolas 
	Cc: users@httpd.apache.org 
	Objet: Re: [users@httpd] RE : [users@httpd] Forwarding client Certficates from mod_ssl to
a distant mod_jk through HTTPHeaders.
	
	

	On Fri, Feb 06, 2004 at 01:47:35PM +0100, nicolas.villoutreix@accenture.com wrote:
	> Hi Joe,
	> for my purpose, i think the first method would be better.
	> 
	> I want to forward the ssl certificate from one apache to an other. The
	> solution i experimented was using mod_proxy and mod_headers.
	
	Nicolas, I just attached a mod_headers fix for this to the bug:
	
	http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23223
	
	Is this a workable solution for you too?
	
	Regards,
	
	joe
	



This message is for the designated recipient only and may contain privileged, proprietary,
or otherwise private information.  If you have received it in error, please notify the sender
immediately and delete the original.  Any other use of the email by you is prohibited.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message