You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Schettler, Marty L." <Ma...@leidos.com.INVALID> on 2019/10/26 19:13:00 UTC
[users@httpd] suggested modification to mod_ssl
My application uses a mod_perl fixup handler to connect to an external service to determine user authorization via client PKI certificate.
However, mod_ssl doesn't reliably supply the client certificate information (in particular SSL_CLIENT_S_DN) in time for my module to process it.
I suggest adding the following at ssl_engine_kernel.c:1333
ssl_hook_Fixup(r);
Does that make sense, or am I missing something? I can't use FakeBasicAuth because I don't control the external service that I'm calling.
Thanks!
Marty