extract x509v3 data from module mod_ssl or other to another module

how to export ssl data for a session to another module, like cn, serial, etc.
ZOOMPLUS Asked:

Nopius Commented:
After the SSL session is established you will have a number of server variables, assigned in mod_ssl.
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html

Just analyse them and use their values.
0
ZOOMPLUS Author Commented:
How to extract this with the C language? API of Apache?
0
Nopius Commented:

They are environment variables.

So from C it looks like this:

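#include <stdio.h>
#include <stdlib.h>

int
main(int argc, char *argv[])
{
    /* mod_ssl exports the client certificate serial number in this variable */
    const char *serial = getenv("SSL_CLIENT_M_SERIAL");

    /* getenv() returns NULL when the variable is not set */
    printf("%s\n", serial != NULL ? serial : "(not set)");
    return 0;
}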
0
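Added example (not part of any post in this thread, and not mod_ssl's own code): a C helper a CGI program could use to read the certificate CN and serial from the variables mod_ssl sets, accepting them only when SSL_CLIENT_VERIFY is SUCCESS and treating unset variables as "no identity". It assumes the variables are exported to CGI (SSLOptions +StdEnvVars); `struct client_id`, `copy_env` and `read_client_id` are hypothetical names.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct client_id {               /* hypothetical type for this example */
    char cn[256];                /* SSL_CLIENT_S_DN_CN */
    char serial[128];            /* SSL_CLIENT_M_SERIAL */
};

/* Copy one variable; fail if it is unset, empty or does not fit. */
static int copy_env(const char *name, char *dst, size_t cap)
{
    const char *v = getenv(name);
    if (v == NULL || *v == '\0' || strlen(v) >= cap)
        return -1;
    strcpy(dst, v);
    return 0;
}

/* Return 0 and fill *id only for a certificate mod_ssl verified;
 * return -1 on plain HTTP, no client certificate, or failed verification. */
int read_client_id(struct client_id *id)
{
    const char *verify = getenv("SSL_CLIENT_VERIFY");
    size_t i;
    memset(id, 0, sizeof *id);
    if (verify == NULL || strcmp(verify, "SUCCESS") != 0)
        return -1;
    if (copy_env("SSL_CLIENT_S_DN_CN", id->cn, sizeof id->cn) != 0 ||
        copy_env("SSL_CLIENT_M_SERIAL", id->serial, sizeof id->serial) != 0)
        return -1;
    /* Assumption: the serial is exported as hex digits; reject anything else. */
    for (i = 0; id->serial[i] != '\0'; i++)
        if (!isxdigit((unsigned char)id->serial[i]))
            return -1;
    return 0;
}

int main(void)
{
    struct client_id id;
    printf("Content-Type: text/plain\r\n\r\n");
    if (read_client_id(&id) == 0)
        printf("CN=%s serial=%s\n", id.cn, id.serial);
    else
        puts("no verified client certificate");
    return 0;
}
```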

ZOOMPLUS Author Commented:
I do not understand how you get the SSL data (different from another thread) for one thread with this code.
0
Nopius Commented:
A CGI script always runs as a separate process, not as a thread.

Also read manuals for mod_ssl: http://www.modssl.org/docs/2.8/ssl_reference.html

From there:

ExportCertData

When this option is enabled, additional CGI/SSI environment variables are created: SSL_SERVER_CERT, SSL_CLIENT_CERT and SSL_CLIENT_CERT_CHAINn (with n = 0,1,2,..). These contain the PEM-encoded X.509 Certificates of server and client for the current HTTPS connection and can be used by CGI scripts for deeper Certificate checking. Additionally all other certificates of the client certificate chain are provided, too. This bloats up the environment a little bit which is why you have to use this option to enable it on demand.

So you may also get access to the PEM-encoded client certificate and then use other functions to retrieve data.
0
Nopius Commented:
You are a module writer? Sorry, I've missed it.
I can't help you. But I can advise you to look inside the mod_ssl source to see whether it exports SSL_SESSION and other session data structures.
0
sleep_furiously Commented:
You may want to look at the source of mod_log_config, since it accesses the values of environment variables provided by other modules.

It will depend a lot on whether you are working with Apache 1.3 or Apache 2.0, since the model for modules changed a lot between those versions.

Example from mod_log_config in Apache 1.3, see function log_env_var():
http://svn.apache.org/viewcvs.cgi/httpd/httpd/branches/1.3.x/src/modules/standard/mod_log_config.c?rev=395984&view=markup

Example from mod_log_config in Apache 2.0, see function log_env_var():
http://svn.apache.org/viewcvs.cgi/httpd/httpd/branches/2.0.x/modules/loggers/mod_log_config.c?rev=395235&view=markup

0
sleep_furiously Commented:
Oh, never mind on that last one, because mod_log_config does not handle the %{ }x LogFormat segments ... that is in mod_ssl here (for Apache 2.0), see function ssl_var_log_handler_x():

http://svn.apache.org/viewcvs.cgi/httpd/httpd/branches/2.0.x/modules/ssl/ssl_engine_vars.c?rev=395235&view=markup

0