CGI/SSL spec?

Hi,

I tried searching the archives, to find out where I might be able
to read about a CGI/SSL spec, but I couldn't turn anything up?
While I have read the mod_ssl ref on envirionment variables, I was
hoping to find out what source the group used to compile this list
of environment variables. I also consulted the CGI spec, but it did
not cover any SSL specific variables.

Could someone tell me, is there such a spec, or did the group arbitrarily
compile a list of SSL env vars to include in the CGI env?

--
thanks,
Philip Champon Affinity Developer
Ph - 954-334-8156
Em - pchampon@valueweb.com
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: CGI/SSL spec?

Hi Philip,

Dumping the environment variables is a very simple task. Try:


#!/bin/sh
echo "Content-type: text/plain"
echo ""
/usr/bin/printenv


chmod it and stick it on your SSL server and run it.


Philip Champon wrote:

> Hi,
>
> I tried searching the archives, to find out where I might be able
> to read about a CGI/SSL spec, but I couldn't turn anything up?
> While I have read the mod_ssl ref on envirionment variables, I was
> hoping to find out what source the group used to compile this list
> of environment variables. I also consulted the CGI spec, but it did
> not cover any SSL specific variables.
>
> Could someone tell me, is there such a spec, or did the group arbitrarily
> compile a list of SSL env vars to include in the CGI env?
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: CGI/SSL spec?

Thanks, but I was more so looking to find out if there was some sort of
formal spec that the mod_ssl team used to decide what SSL environment
variables to create. I am making some changes to stunnel to support http
proxying and I wanted to include some headers for user CGIs. Since I can
not find any spec, describing what SSL environment variables are expected,
I have simply chosen to insert the headers X-Https and X-Session-Id.

Thus spake Colin Faber, on the year of our L*rd Wed, Aug 20, 2003 at 05:32:58PM -0600:
> Dumping the environment variables is a very simple task. Try:
>
>
> #!/bin/sh
> echo "Content-type: text/plain"
> echo ""
> /usr/bin/printenv
>
>
> chmod it and stick it on your SSL server and run it.
>
>
> Philip Champon wrote:
>
> >Hi,
> >
> >I tried searching the archives, to find out where I might be able
> >to read about a CGI/SSL spec, but I couldn't turn anything up?
> >While I have read the mod_ssl ref on envirionment variables, I was
> >hoping to find out what source the group used to compile this list
> >of environment variables. I also consulted the CGI spec, but it did
> >not cover any SSL specific variables.
> >
> >Could someone tell me, is there such a spec, or did the group arbitrarily
> >compile a list of SSL env vars to include in the CGI env?
> >
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org

--
Philip Champon Affinity Developer
Ph - 954-334-8156
Em - pchampon@valueweb.com
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: CGI/SSL spec?

http://www.apache-ssl.org/docs.html#CGI

but there is no RFC for SSL envvars that I'm aware of. mod_ssl offers a
more complete list than is shown above. This can be found at:

http://www.modssl.org/docs/2.8/ssl_reference.html#ToC25

since the server is what's setting the environment variable, you need to go
by the documentation you're working with. A good example of a popular, yet
optional envvar is HTTP_REFERER .. this is a completely optional envvar left
up to the browser's implementation team. So, to depend on this variable,
you need to be positive of the client hitting your server. Likewise the SSL
envvars.

Regards,
-dsp


-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org]On Behalf Of Philip Champon
Sent: Friday, August 22, 2003 2:42 PM
To: modssl-users@modssl.org
Subject: Re: CGI/SSL spec?


Thanks, but I was more so looking to find out if there was some sort of
formal spec that the mod_ssl team used to decide what SSL environment
variables to create. I am making some changes to stunnel to support http
proxying and I wanted to include some headers for user CGIs. Since I can
not find any spec, describing what SSL environment variables are expected,
I have simply chosen to insert the headers X-Https and X-Session-Id.

Thus spake Colin Faber, on the year of our L*rd Wed, Aug 20, 2003 at
05:32:58PM -0600:
> Dumping the environment variables is a very simple task. Try:
>
>
> #!/bin/sh
> echo "Content-type: text/plain"
> echo ""
> /usr/bin/printenv
>
>
> chmod it and stick it on your SSL server and run it.
>
>
> Philip Champon wrote:
>
> >Hi,
> >
> >I tried searching the archives, to find out where I might be able
> >to read about a CGI/SSL spec, but I couldn't turn anything up?
> >While I have read the mod_ssl ref on envirionment variables, I was
> >hoping to find out what source the group used to compile this list
> >of environment variables. I also consulted the CGI spec, but it did
> >not cover any SSL specific variables.
> >
> >Could someone tell me, is there such a spec, or did the group arbitrarily
> >compile a list of SSL env vars to include in the CGI env?
> >
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org

--
Philip Champon Affinity Developer
Ph - 954-334-8156
Em - pchampon@valueweb.com
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org



____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org