On Thu, Feb 16, 2017 at 9:26 PM, Eric Covener <covener@xxxxxxxxx> wrote:On Thu, Feb 16, 2017 at 11:16 AM, Andrei Ivanov <andrei.ivanov@xxxxxxxxx> wrote:
> Is there a way to debug this? To print the values from the _expression_ in the
> logs maybe?
One simple way to debug is to use the same [sub-]expressions in
mod_headers conditions or header values
Great idea, thanks :-)
Header set Client-IP "%{REMOTE_ADDR}e"
Header set Client-SAN "%{PeerExtList('2.5.29.17')}s"
Header set Client-DN "%{SSL_CLIENT_S_DN}s"
Client-IP: 159.107.78.110
Client-SAN: (null)
Client-DN: CN=client-with-subjectAltName-with-just-IPs-2 Unfortunately, I don't get the Client SAN :-(Btw, this is with Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.1e-fipsI was also trying the Header with expr=value, but then I noticed it's available in 2.4.10 and later.
|