  • Status: Solved

extract x509v3 data from module mod_ssl or other to another module

How to export SSL data for a session to another module, like CN, serial, etc.?
Asked by: ZOOMPLUS

Nopius commented:
After the SSL session is established, you will have a number of server variables, assigned in mod_ssl.
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html

Just analyse them and use their values.
 
ZOOMPLUS (author) commented:
How to extract this with the C language? The Apache API?
 
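Nopius commented:

They are environment variables.

So from C it looks like this:

#include <stdio.h>
#include <stdlib.h>

int
main(int argc, char *argv[])
{
    /* SSL_CLIENT_M_SERIAL: serial number of the client certificate */
    const char *serial = getenv("SSL_CLIENT_M_SERIAL");

    /* getenv() returns NULL when the variable is not set */
    printf("%s\n", serial ? serial : "(not set)");
    return 0;
}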
 
ZOOMPLUS (author) commented:
I do not understand how you get the SSL data (different from another thread) for one thread with this code.
 
Nopius commented:
A CGI script always runs as a separate process, not as a thread.

Also read manuals for mod_ssl: http://www.modssl.org/docs/2.8/ssl_reference.html

From there:

ExportCertData

When this option is enabled, additional CGI/SSI environment variables are created: SSL_SERVER_CERT, SSL_CLIENT_CERT and SSL_CLIENT_CERT_CHAINn (with n = 0,1,2,..). These contain the PEM-encoded X.509 Certificates of server and client for the current HTTPS connection and can be used by CGI scripts for deeper Certificate checking. Additionally all other certificates of the client certificate chain are provided, too. This bloats up the environment a little bit which is why you have to use this option to enable it on demand.

So you may also get access to the PEM-encoded client certificate and then use other functions to retrieve data.
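The CGI approach from the answers above, as an added example that is not part of the original thread: it reads the client certificate's CN and serial from mod_ssl's environment variables and uses them only when SSL_CLIENT_VERIFY is SUCCESS. The helper names, the struct and the sample values are constructed for illustration; it assumes the variables are exported to CGI with SSLOptions +StdEnvVars.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Lookup function: getenv() in a real CGI, a stub for the sample data. */
typedef const char *(*lookup_fn)(const char *name);
struct client_id { char cn[256]; char serial[128]; };

/* Copy a variable into dst; fail if it is unset, empty or too long. */
static int copy_var(lookup_fn get, const char *name, char *dst, size_t cap)
{
    const char *v = get(name);
    if (v == NULL || *v == '\0' || strlen(v) >= cap)
        return -1;
    strcpy(dst, v);
    return 0;
}

/* Returns 0 and fills *out only for a verified client certificate.
 * SSL_CLIENT_VERIFY is NONE, SUCCESS, GENEROUS or FAILED:reason. */
int read_client_id(lookup_fn get, struct client_id *out)
{
    const char *verify = get("SSL_CLIENT_VERIFY");
    if (verify == NULL || strcmp(verify, "SUCCESS") != 0)
        return -1;
    if (copy_var(get, "SSL_CLIENT_S_DN_CN", out->cn, sizeof out->cn) != 0)
        return -1;
    return copy_var(get, "SSL_CLIENT_M_SERIAL", out->serial, sizeof out->serial);
}

/* Constructed sample environment, standing in for a real HTTPS request. */
const char *sample_env(const char *name)
{
    if (strcmp(name, "SSL_CLIENT_VERIFY") == 0)   return "SUCCESS";
    if (strcmp(name, "SSL_CLIENT_S_DN_CN") == 0)  return "alice.example";
    if (strcmp(name, "SSL_CLIENT_M_SERIAL") == 0) return "0A1B2C";
    return NULL;
}
/* Lookup against the real process environment set up by Apache. */
const char *cgi_env(const char *name) { return getenv(name); }

int main(void)
{
    struct client_id id;
    /* In a CGI program pass cgi_env; sample_env keeps this runnable offline. */
    if (read_client_id(sample_env, &id) != 0)
        return 1;
    printf("CN=%s serial=%s\n", id.cn, id.serial);
    return 0;
}
```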
 
Nopius commented:
You are a module writer? Sorry, I missed it.
I can't help you. But I can advise you to look inside the mod_ssl source to see whether it exports SSL_SESSION and other session data structures.
 
sleep_furiously commented:
You may want to look at the source of mod_log_config, since it accesses the values of environment variables provided by other modules.

It will depend a lot on whether you are working with Apache 1.3 or Apache 2.0, since the model for modules changed a lot between those versions.

Example from mod_log_config in Apache 1.3, see function log_env_var():
http://svn.apache.org/viewcvs.cgi/httpd/httpd/branches/1.3.x/src/modules/standard/mod_log_config.c?rev=395984&view=markup

Example from mod_log_config in Apache 2.0, see function log_env_var():
http://svn.apache.org/viewcvs.cgi/httpd/httpd/branches/2.0.x/modules/loggers/mod_log_config.c?rev=395235&view=markup

 
sleep_furiously commented:
Oh, never mind on that last one, because mod_log_config does not handle the %{  }x  LogFormat segments ... that is in mod_ssl here (for Apache 2.0), see function ssl_var_log_handler_x():

http://svn.apache.org/viewcvs.cgi/httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_vars.c?rev=395235&view=markup
