[mod_gnutls-devel] passing the identity to a backend process
thomas2.klute at uni-dortmund.de
Sun May 15 12:52:56 CEST 2016
Am 13.05.2016 um 04:28 schrieb Ramkumar Chinchani:
> Here is my use case (not necessarily specific to mod_gnutls):
> TLS termination is handled by mod_gnutls
> However, apache is also acting as a reverse proxy and it is required
> to communicate the authenticated identity to a backend process.
> What are my options?
I assume that you want to use TLS client authentication. The easiest way
is probably to use the SSL_* environment variables (see the "Environment
Variables" section in the manual), which pass various bits of
information on the TLS connection. A remote application can't directly
access the environment, but you could use mod_headers and the
RequestHeader directive  to pass the data you need (e.g. the DN of a
client certificate) in a custom header.
If you have a working config, I'd be interested in adding an example to
the manual. ;-)
More information about the mod_gnutls-devel