[mod_gnutls-devel] passing the identity to a backend process
Thomas Klute
thomas2.klute at uni-dortmund.de
Sun May 15 12:52:56 CEST 2016
On 13.05.2016 at 04:28, Ramkumar Chinchani wrote:
> Here is my use case (not necessarily specific to mod_gnutls):
>
> TLS termination is handled by mod_gnutls
>
> However, apache is also acting as a reverse proxy and it is required
> to communicate the authenticated identity to a backend process.
>
> What are my options?

I assume that you want to use TLS client authentication. The easiest way
is probably to use the SSL_* environment variables (see the "Environment
Variables" section in the manual), which pass various bits of
information on the TLS connection. A remote application can't directly
access the environment, but you could use mod_headers and the
RequestHeader directive [1] to pass the data you need (e.g. the DN of a
client certificate) in a custom header.

If you have a working config, I'd be interested in adding an example to
the manual. ;-)

Regards,
Thomas

[1] https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader
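
A configuration along the lines suggested in this thread, added here as an example and not taken from the original message or the mod_gnutls manual. The host name, file paths, backend address and the X-Client-DN header name are constructed. It assumes mod_gnutls, mod_headers, mod_proxy and mod_proxy_http are loaded and that SSL_CLIENT_S_DN is already exported when mod_headers processes the request.

```apache
# Added example: constructed names and paths, not the project's own config.
<VirtualHost *:443>
    ServerName proxy.example.org

    # TLS termination with mandatory client certificates.
    GnuTLSEnable on
    GnuTLSPriorities NORMAL
    GnuTLSCertificateFile /etc/apache2/tls/server.crt
    GnuTLSKeyFile /etc/apache2/tls/server.key
    GnuTLSClientCAFile /etc/apache2/tls/client-ca.crt
    GnuTLSClientVerify require

    # Drop any X-Client-DN the client sent itself, so the backend only
    # ever sees a value written by this proxy.
    RequestHeader unset X-Client-DN

    # Copy the verified subject DN from the environment into the header.
    # The env= condition leaves the header absent (rather than "(null)")
    # if the variable is not set.
    RequestHeader set X-Client-DN "%{SSL_CLIENT_S_DN}e" env=SSL_CLIENT_S_DN

    # Forward to the backend over loopback.
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```

The backend should accept connections only from the proxy (here it is reached over loopback), since anything that can connect to it directly can supply its own X-Client-DN header.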