michael at stroeder.com
Fri Aug 18 18:04:51 EST 2000
Rich Salz wrote: > > > BTW, one way to get DN is "SSLOptions +FakeBasicAuth", then the DN > > should appear in req.connection.user. > > Right. But I need more than that. I need to know *if* there's a client > cert, all the nitty-gritty details of it (e.g., what the keyUsage > extension is), I need to do my own verification, no CRL processing, my > own chain verification, etc. Lots of stuff. I'm not sure I fully understand the problem but if you set SSLOptions +ExportCertData you will get the client and server certs "PEM"-formatted exported to the OS environment in variables SSL_CLIENT_CERT and SSL_SERVER_CERT. Ciao, Michael.