All, I am trying to configure Apache so that it can pass
the SSL_CLIENT_CERT to my back-end code. I can do this fine, but I have an
additional requirement that, I do not want Apache to do the SSL authentication,
but I want to pass the SSL_CLIENT_CERT to the back-end always and I want the
back-end to do the authentication of the client certificate. I am seeing that
whenever I configure Apache with ‘SSLVerifyClient optional’, if I
send a unauthorized client certificate, my back-end never gets this
information, as mod_ssl terminates the connection at the Apache level itself.
Is there some way, by which I can have ‘SSLVerifyClient optional’,
but still not do the authentication at the Apache level? Thanks Praveen |