The environment variables created by modssl are not passed back to a forward request. This prevent to retrieve the user's certificate when Apache is used as reverse proxy. This is a major issue for user's authentication. Patch:
diff -aur httpd-2.0.49/modules/metadata/mod_headers.c httpd-ocsp/modules/metadata/mod_headers.c
--- httpd-2.0.49/modules/metadata/mod_headers.c 2004-02-09 21:53:19.000000000 +0100
+++ httpd-ocsp/modules/metadata/mod_headers.c 2004-08-13 12:10:45.000000000 +0200
@@ -70,6 +70,7 @@
 #include "apr_hash.h"
 #define APR_WANT_STRFUNC
 #include "apr_want.h"
+#include "apr_optional.h"
 #include "httpd.h"
 #include "http_config.h"
@@ -128,6 +129,14 @@
 apr_array_header_t *fixup_out;
 } headers_conf;
+/* Pointer to ssl_var_lookup, if available. */
+APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup,
+ (apr_pool_t *, server_rec *,
+ conn_rec *, request_rec *,
+ char *));
+static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *header_ssl_lookup = NULL;
+
+
 module AP_MODULE_DECLARE_DATA headers_module;
 /*
@@ -146,9 +155,27 @@
 {
 return apr_psprintf(r->pool, "t=%" APR_TIME_T_FMT, r->request_time);
 }
+/* to also get the variables from mod_ssl */
+static const char *header_request_ssl_var(request_rec *r, char *name)
+{
+ const char *val;
+
+ ap_log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server, "Getting env. var. '%s' from mod_sll", name );
+
+ if ( !header_ssl_lookup) return NULL;
+
+ val = header_ssl_lookup(r->pool, r->server, r->connection, r, name);
+ if ( !val || !val[0] ) return NULL;
+
+ ap_log_error( APLOG_MARK, APLOG_DEBUG, 0, r->server, "Getting env. var. from mod_sll: '%s'='%s'", name, val );
+
+ return val;
+}
 static const char *header_request_env_var(request_rec *r, char *a)
 {
 const char *s = apr_table_get(r->subprocess_env,a);
+ /* to also get the variables from mod_ssl */
+ if ( !s ) s = header_request_ssl_var(r, a);
 if (s) return s;
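Review bot: The `APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup, ...)` declaration in the `@@ -128,6 +129,14 @@` hunk is a hand-copied prototype, and nothing on the visible lines ties it to mod_ssl's own declaration. If the two ever drift, the call through `header_ssl_lookup` would still compile and would use a mismatched signature. The comment above it should record that dependency, for example `/* Optional hook into mod_ssl; prototype must match mod_ssl's ssl_var_lookup. NULL when mod_ssl is not loaded. */`.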
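Review bot: `header_request_ssl_var` in the `@@ -146,9 +155,27 @@` hunk returns the looked-up value unchanged, and going by the description that value is placed in a request header forwarded to the backend. mod_ssl variables that carry PEM data, such as the client certificate, span several lines, so embedded CR/LF would break the header line or let certificate-derived text begin a new header; fold line breaks to spaces before returning, as in the excerpt below. Separately, both debug messages spell the module `mod_sll`, the first one is emitted before the `header_ssl_lookup` NULL check on every environment-table miss, and the second writes the certificate-derived value to the error log. `header_request_env_var` continues past the end of the hunk.

```c
static const char *header_request_ssl_var(request_rec *r, char *name)
{
    const char *val;
    char *flat, *p;

    /* … unchanged: header_ssl_lookup NULL check and the lookup call … */
    if ( !val || !val[0] ) return NULL;

    /* Copy into the request pool and fold CR/LF to spaces so a multi-line
     * value (e.g. a PEM certificate) stays on a single header line. */
    flat = apr_pstrdup(r->pool, val);
    for (p = flat; *p; p++) {
        if (*p == '\r' || *p == '\n') *p = ' ';
    }
    return flat;
}
```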
@@ -573,9 +600,18 @@
 return OK;
 }
+/* to also get the variables from mod_ssl */
+static int header_post_config(apr_pool_t *pconf, apr_pool_t *plog,
+ apr_pool_t *ptemp, server_rec *s)
+{
+ header_ssl_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
+ return OK;
+}
+
 static void register_hooks(apr_pool_t *p)
 {
 ap_hook_pre_config(header_pre_config,NULL,NULL,APR_HOOK_MIDDLE);
+ ap_hook_post_config(header_post_config,NULL,NULL,APR_HOOK_MIDDLE); /* to also get the variables from mod_ssl */
 ap_hook_insert_filter(ap_headers_insert_output_filter, NULL, NULL, APR_HOOK_LAST);
 ap_hook_fixups(ap_headers_fixup, NULL, NULL, APR_HOOK_LAST);
 ap_register_output_filter("FIXUP_HEADERS_OUT", ap_headers_output_filter,
This is already done on HEAD: http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/metadata/mod_headers.c?r1=1.49&r2=1.50 and is pending some tweaks for inclusion in 2.0.