How to accaess ssl related CGI environment variables
Hello, I'm trying to access ssl related cgi variables (like SSL_CLIENT_S_DN) in zope without success. I use apache/mod_ssl with client certificates and accessing zope with pcgi. Apache verifies the certificate, but how to know it in zope? REQUEST.eviron only have a HTTPS key. I'd like to authenticate based on the SSL_CLIENT_S_DN. Any suggestion? Istvan Vago
Hello! On Sun, 8 Jul 2001, Istvan Vago wrote:
I'm trying to access ssl related cgi variables (like SSL_CLIENT_S_DN) in zope without success. I use apache/mod_ssl with client certificates and accessing zope with pcgi. Apache verifies the certificate, but how to know it in zope? REQUEST.eviron only have a HTTPS key. I'd like to authenticate based on the SSL_CLIENT_S_DN.
PCGI protocol passess the entire environment to Zope. You are to be sure Apache really created the env vars that you want. Oleg. ---- Oleg Broytmann http://www.zope.org/Members/phd/ phd@phd.pp.ru Programmers don't die, they just GOSUB without RETURN.
Oleg Broytmann wrote:
Hello!
On Sun, 8 Jul 2001, Istvan Vago wrote:
I'm trying to access ssl related cgi variables (like SSL_CLIENT_S_DN) in zope without success. I use apache/mod_ssl with client certificates and accessing zope with pcgi. Apache verifies the certificate, but how to know it in zope? REQUEST.eviron only have a HTTPS key. I'd like to authenticate based on the SSL_CLIENT_S_DN.
PCGI protocol passess the entire environment to Zope. You are to be sure Apache really created the env vars that you want.
Well, I was not absolutely correct, I use mod_pcgi2. Also tried fastcgi, but looking in the REQUEST both case, no SSL related variable :-(((( The vars are there, I can use them in apache's conf (eg. write the SSL_CLIENT_S_DN to the log file). Are the vars should be in the REQUEST? Or I should look in somewhere else? Sorry, if I'm asking trivial things. Istvan Vago
Hello! On Mon, 9 Jul 2001, Istvan Vago wrote:
PCGI protocol passess the entire environment to Zope. You are to be sure Apache really created the env vars that you want.
Well, I was not absolutely correct, I use mod_pcgi2. Also tried fastcgi, but looking in the REQUEST both case, no SSL related variable :-((((
As the author of mod_pcgi2 I can assure you that the module passess all environment variables that are available at the moment of request.
The vars are there, I can use them in apache's conf (eg. write the SSL_CLIENT_S_DN to the log file).
May be by some reason Apache does not passes these variables to the mod_pcgi2.
Are the vars should be in the REQUEST? Or I should look in somewhere else?
Yes, I think they must. How did you look into REQUEST.environ? There is a chance Zope's Request object hides some variables from you. Oleg. ---- Oleg Broytmann http://www.zope.org/Members/phd/ phd@phd.pp.ru Programmers don't die, they just GOSUB without RETURN.
Hi! Oleg Broytmann wrote:
Well, I was not absolutely correct, I use mod_pcgi2. Also tried fastcgi, but looking in the REQUEST both case, no SSL related variable :-((((
As the author of mod_pcgi2 I can assure you that the module passess all environment variables that are available at the moment of request.
The vars are there, I can use them in apache's conf (eg. write the SSL_CLIENT_S_DN to the log file).
May be by some reason Apache does not passes these variables to the mod_pcgi2.
Are the vars should be in the REQUEST? Or I should look in somewhere else?
Yes, I think they must. How did you look into REQUEST.environ? There is a chance Zope's Request object hides some variables from you.
I looked in REQUEST's _orig_env attribute first, then went to PCGIServer.py. Here are the vars PCGIServer.py gets: DOCUMENT_ROOT, SERVER_ADDR, HTTP_ACCEPT_ENCODING, SERVER_PORT, PATH_TRANSLATED, REMOTE_ADDR, SERVER_SOFTWARE, GATEWAY_INTERFACE, HTTP_ACCEPT_LANGUAGE, REMOTE_PORT, SERVER_NAME, HTTP_CONNECTION, HTTP_USER_AGENT, HTTP_ACCEPT_CHARSET, HTTP_ACCEPT, REQUEST_URI, HTTP_CGI_AUTHORIZATION, PATH, QUERY_STRING, SERVER_PROTOCOL, HTTPS, PATH_INFO, HTTP_HOST, REQUEST_METHOD, SERVER_SIGNATURE, SCRIPT_NAME, SERVER_ADMIN, SCRIPT_FILENAME, HTTP_COOKIE, HTTP_PRAGMA It must be apache, not passing the the SSL env vars. Thanks Istvan Vago
Istvan Vago writes:
I'm trying to access ssl related cgi variables (like SSL_CLIENT_S_DN) in zope without success. I use apache/mod_ssl with client certificates and accessing zope with pcgi. Apache verifies the certificate, but how to know it in zope? REQUEST.eviron only have a HTTPS key. I'd like to authenticate based on the SSL_CLIENT_S_DN. Any suggestion? Look for an Apache rewrite rule.
They have been used for similar tasks (--> searchable mailing list archives). Dieter
participants (4)
-
Dieter Maurer -
Istvan Vago -
Istvan Vago -
Oleg Broytmann