You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by "Schettler, Marty L." <Ma...@leidos.com.INVALID> on 2019/10/26 19:13:00 UTC

[users@httpd] suggested modification to mod_ssl

My application uses a mod_perl fixup handler to connect to an external service to determine user authorization via client PKI certificate.

However, mod_ssl doesn't reliably supply the client certificate information (in particular SSL_CLIENT_S_DN) in time for my module to process it.

I suggest adding the following at ssl_engine_kernel.c:1333

ssl_hook_Fixup(r);

Does that make sense, or am I missing something? I can't use FakeBasicAuth because I don't control the external service that I'm calling.

Thanks!
Marty