Client Certificates in Mongrel

I think the cert is just used by Apache for the SSL handshake... it's not passed along as a header or anything (that would be a big header).

What I've done is to have Apache (in the SSL conf) add certain headers to the request if the cert is verified:

     RequestHeader set X_FORWARDED_PROTO "https"      RequestHeader set X_SSL_VERIFIED "true"

and then check for these headers in the rails code.

HTH.

b

Fred Kaufman wrote:

Well, you're pushing the boundaries of my knowledge here.... maybe try dumping various ssl env vars[1] into the logs and see what you come up with?

That or maybe there's an SSL wizard lurking out there?

b

[1] mod_ssl - Apache HTTP Server Version 2.2

Fred Kaufman wrote: