[mod_python] Client certificate?

Conrad Steenberg conrad at hep.caltech.edu
Tue Feb 26 15:40:23 EST 2002


Thanks, this helps clarify things.

Cheers!

Conrad

On Tue, 2002-02-26 at 15:38, Rich Salz wrote:
> Okay, let me try to be more explicit.
> 
> We use SWIG (www.swig.org).  SWIG can parse header files and generate
> modules for various scripting languages, including Python.  So, for
> example, a SWIG interface file might say
> 	int UsingSSL(request_rec* r);
> 	char* GetClientDN(request_rec* r);
> and so on.  The actual implementation of those functions tend to be
> fairly short Apache ap_xxx calls, such as
> 
> int
> UsingSSL(request_rec* r)
> {
>     return ap_ctx_get(r->connection->client->ctx, "ssl") != NULL;
> }
> 
> We can create an Apache module that has our "swigged" extensions, and
> build that into Apache.  (Or make it a shared library, DSO, whatever.)
> 
> The only "trick" is how to get that request_rec pointer.  It turns out
> to be not that hard, because SWIG actually uses strings to represent
> pointers.
> 
> So, we patched mod_python to add a new method to the mod_python request
> object; this new method returns a swig-compatible pointer(string) up to
> Python.  From python code, then, we can call the SWIG functions we wrote
> as described above.
> 
> So, in our case,
> 	from zolera import pyssl
> 	h = req.get_swig_handle()
> 	if h.UsingSSL():
> 		dn = h.GetClientDN()
> 	else:
> 		return Apache.Unauthorized
> 
> We have found it easier (again, since we were already using SWIG), to
> just add the one function to mod_python, and then to use SWIG for
> everything else.
> 
> Hope this helps.
> 	/r$
> -- 
> Zolera Systems, Securing web services (XML, SOAP, Signatures,
> Encryption)
> http://www.zolera.com
-- 
*-----------------------------------------*
| Conrad Steenberg                        |
| Caltech, Mail Code 356-48               |
| Pasadena, CA, 91125                     |
| e-mail: conrad at hep.caltech.edu          |
| Tel: (626) 395-8758                     |
*-----------------------------------------*




More information about the Mod_python mailing list