You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Ben Laurie <be...@gonzo.ben.algroup.co.uk> on 1995/11/18 19:42:07 UTC

Re: another idea

> 
> 	The netsite commerce server sets the environment variable
> "HTTPS" when someone has an SSL connection. I think it would be a good
> idea to do that for apache/ssl. (On my site both the SSL and the
> non-SSL servers serve the same document set, but I want some CGIs to
> only be run through the SSL server, so theyy can do a check for the
> existence of that environment variable.)
> 
> 	What would be an appropriate name for the environment
> variable?

Hmm, HTTPS would seem logical. What does netsite set it to?

> And -- I'm not too familiar with how environment variables
> get passed to scripts that get run-- how do I set the variable in a
> module so that it gets passed to CGI, SSI, etc?

I looked at this a while back, but I forget the details (it was somewhat
arcane, I seem to remember). It's getting late here, but I'll take a look
tomorrow.

Cheers,

Ben.

-- 
Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant        Fax:   +44 (181) 994 6472
and Technical Director      Email: ben@algroup.co.uk
A.L. Digital Ltd,           URL: http://www.algroup.co.uk
London, England.

Re: another idea

Posted by Rob McCool <ro...@netscape.com>.
/*
 * "Re: another idea" by Ben Laurie <be...@gonzo.ben.algroup.co.uk>
 *    written Sat, 18 Nov 1995 23:31:25 +0000 (GMT)
 * 
 * Thanks for the info. Does this mean that checking for the presence
 * of HTTPS, rather than the value, is erroneous?

In a Netscape server, it means the server is SSL-capable, not that the
server using it.

 * Wouldn't an HTTPS_VERSION (and perhaps HTTPS_FLAVOUR) be good, too?
 */

Yes, it would. There are more variables going in with client
authentication, also. Sameer's suggestion of HTTPS_CIPHER makes sense
as well.

--Rob

Re: another idea

Posted by Rob McCool <ro...@netscape.com>.
/*
 * "Re: another idea" by sameer <sa...@c2.org>
 *    written Sat, 18 Nov 1995 14:25:38 -0800 (PST)
 * 
 **  Hmm, HTTPS would seem logical. What does netsite set it to?
 * 	I beleive it only sets it to yes/no or something like that.
 * 
 */

Close. It's "ON" or "OFF". Netsite also provides the size of the
stream key as HTTPS_KEYSIZE, and the size of the secret part of the
stream key as HTTPS_SECRETKEYSIZE. Both are integers.

--Rob