Client Info

I aplogize if this is a re-send. I never heard anything back about it,
and it seems like a pretty simple question, so I don't know if my
message went out to the list.

The SSL_CLIENT_* variables are not appearing in my environment. My web
host insists it's something my CGI needs to do to request this
information from the client, but that doesn't make sense to me. I
obtained a certificate from Thawte and installed it in my browser, but
that doesn't make a difference. Is there something else I need to do?
Is there something my host needs to do?

--
Alan Little
Holotech Enterprises

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Client Info

On Sun, Nov 09, 2003 at 04:01:59PM -0500, modssl@holotech.net wrote:
> I aplogize if this is a re-send. I never heard anything back about it,
> and it seems like a pretty simple question, so I don't know if my
> message went out to the list.
>
> The SSL_CLIENT_* variables are not appearing in my environment. My web
> host insists it's something my CGI needs to do to request this
> information from the client, but that doesn't make sense to me. I
> obtained a certificate from Thawte and installed it in my browser, but
> that doesn't make a difference. Is there something else I need to do?
> Is there something my host needs to do?
>
Those fields will be filled when using client certificates - see
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC17

also remember to turn on SSLOptions +StdEnvVars - see
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC21

vh

Mads Toftum
--
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations"
WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation"
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re[2]: Client Info

Thanks for the reply. I should be able to just add these lines to my
..htaccess:

SSLVerifyClient optional
SSLOptions +StdEnvVars

and have the client variables in my environment (assuming the client
has a certificate installed), correct? Sorry I didn't RTFM earlier,
but I assumed it would be something complicated, and something only my
host could configure anyway.

Anyway, I tried that and I still don't get the client variables. Am I
missing something? Is it possible the main configuration is overriding
mine?

--
Alan Little
Holotech Enterprises

On Tuesday, November 11, 2003, 4:16:51 PM, you wrote:


> On Sun, Nov 09, 2003 at 04:01:59PM -0500, modssl@holotech.net wrote:
>> I aplogize if this is a re-send. I never heard anything back about it,
>> and it seems like a pretty simple question, so I don't know if my
>> message went out to the list.
>>
>> The SSL_CLIENT_* variables are not appearing in my environment. My web
>> host insists it's something my CGI needs to do to request this
>> information from the client, but that doesn't make sense to me. I
>> obtained a certificate from Thawte and installed it in my browser, but
>> that doesn't make a difference. Is there something else I need to do?
>> Is there something my host needs to do?
>>
> Those fields will be filled when using client certificates - see
> http://www.modssl.org/docs/2.8/ssl_reference.html#ToC17

> also remember to turn on SSLOptions +StdEnvVars - see
> http://www.modssl.org/docs/2.8/ssl_reference.html#ToC21

> vh

> Mads Toftum

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Re[2]: Client Info

On Tue, Nov 11, 2003 at 04:29:22PM -0500, modssl@holotech.net wrote:
> Thanks for the reply. I should be able to just add these lines to my
> .htaccess:
>
> SSLVerifyClient optional
> SSLOptions +StdEnvVars
>
require would be better than optional (at least for testing).

> and have the client variables in my environment (assuming the client
> has a certificate installed), correct? Sorry I didn't RTFM earlier,
> but I assumed it would be something complicated, and something only my
> host could configure anyway.
>
> Anyway, I tried that and I still don't get the client variables. Am I
> missing something? Is it possible the main configuration is overriding
> mine?

I must say that I've never really felt like playing around with my
ssl setup in .htaccess files... one thing to check is wether the
AllowOverride settings allow those directives in .htaccess - see Override
for SSLVerifyClient and SSLOptions. Especially the Options override
required by SSLOptions is something that won't be allowed.

vh

Mads Toftum
--
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations"
WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation"
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org