Secure Sockets Layer environment variables
The mod_ibm_ssl parameter provides access to information about an Secure Sockets Layer (SSL) session by setting variables in the Apache API subprocess_env table for the active request. These variables are considered environment variables because of how information is accessed when the variables are passed to CGI applications.
We can categorize SSL environment variables into three types based on the type of information that is accessed when the variable is passed to the application.- Variables for information regarding the SSL handshake
- Variables for exposing the server certificate information
- Variables for exposing client certificate information, when client authentication is enabled.
The following table provides the types of access to information as well as the mechanisms used to access information using SSL environment variables.
| Access type | Mechanism |
|---|---|
| access from a CGI or FastCGI application | The information is passed to the CGI application as an environment variable. Use the method provided by the implementation language for accessing environments, such as getenv ("HTTPS") in C or $ENV{'HTTPS'} in Perl. For a SSL environment variable to be used in CGI or FastCGI, there must be a corresponding PassEnv directive. |
| access from a plug-in module | The information is available in the subprocess_env table after the quick handler has run. Access it with a call such as apr_table_lookup (r->subprocess_env,"HTTPS") |
| logging in the access log with other information about the request | Use the following %{varname}e example.LogFormat "%h %l %u %t \ "%r\ " %>s
%b %{HTTPS}e" ssl-customIf the information is not available, mod_log_config logs a dash (-) for the field. |
| use with the setenvif variable | # Silly example, don't compress SSL connectionsSetEnvIf HTTPS no-gzip |
| use as part of a mod_rewrite rule variable | RewriteEngine On
RewriteCond %{ENV:HTTPS} ^OFF$
RewriteRule .* /no-sssl.html |
| access in an SSI document | In order for an SSL environment variable to
be used in an SSI document, there must be a corresponding PassEnv
directive.SSL is <!--#echo var="HTTPS" --> |
| access control | Allow from env=HTTPS |
- SSL handshake environment variables
Secure Sockets Layer (SSL) handshake environment variables are used to access server certificate information. When an SSL handshake is successfully completed, the SSL handshake environment variables are automatically set. - Server certificate environment variables
Server certificate environment variables are used to access server certificate information. The server certificate environment variables are automatically set. If client authentication is not configured, references to these values are empty. - Client certificate environment variables
Client certificate environment variables are used to access client certificate information when client authentication is enabled. If client authentication is not enabled, references to these values are empty.