Mongrel users - Jul 2006 - Getting ssl environment to mongrel from apache

I have apache 1.3 with mod_ssl in front of mongrel/rails.  Apache is
setup to require client certification, and I''m trying to figure out
how to pass the ssl env variables to mongrel.  Here is the apache
config to proxy requests to mongrel.  I haven''t tried to pass env
variables like this before so I''m not sure if it''s the apache
config I
have wrong, if mongrel isn''t picking up the env variables I am
setting, or if it''s just not possible to do what I''m trying to
do.
Any guidance would be appreciated.

ProxyPass /xml/   http://localhost:88/xml/
RewriteEngine On
RewriteRule ^/xml/(.*) /xml/$1 [P,E=SSL_CLIENT_CERT:%{SSL_CLIENT_CERT}]

>
> ProxyPass /xml/   http://localhost:88/xml/
> RewriteEngine On
> RewriteRule ^/xml/(.*) /xml/$1 [P,E=SSL_CLIENT_CERT:%{SSL_CLIENT_CERT}]
>
One note on this, I''ve also tried the following (the above is just one
of my last efforts):

[P,E=SSL_CLIENT_CERT:%{SSL:SSL_CLIENT_CERT}]
[P,E=SSL_CLIENT_CERT:%{ENV:SSL_CLIENT_CERT}]

On Tue, 2006-07-25 at 10:51 -0700, snacktime wrote:
> I have apache 1.3 with mod_ssl in front of mongrel/rails.  Apache is
> setup to require client certification, and I''m trying to figure
out
> how to pass the ssl env variables to mongrel.  Here is the apache
> config to proxy requests to mongrel.  I haven''t tried to pass env
> variables like this before so I''m not sure if it''s the
apache config I
> have wrong, if mongrel isn''t picking up the env variables I am
> setting, or if it''s just not possible to do what I''m
trying to do.
> Any guidance would be appreciated.
> 
Did you get this working yet?


-- 
Zed A. Shaw
http://www.zedshaw.com/
http://mongrel.rubyforge.org/
http://www.railsmachine.com/ -- Need Mongrel support?

On 8/3/06, Zed Shaw <zedshaw at zedshaw.com>
wrote:
> On Tue, 2006-07-25 at 10:51 -0700, snacktime wrote:
> > I have apache 1.3 with mod_ssl in front of mongrel/rails.  Apache is
> > setup to require client certification, and I''m trying to
figure out
> > how to pass the ssl env variables to mongrel.  Here is the apache
> > config to proxy requests to mongrel.  I haven''t tried to pass
env
> > variables like this before so I''m not sure if it''s
the apache config I
> > have wrong, if mongrel isn''t picking up the env variables I
am
> > setting, or if it''s just not possible to do what I''m
trying to do.
> > Any guidance would be appreciated.
> >
>
> Did you get this working yet?
No, but the problem is that I''m using apache 1.3 that doesn''t
have a
way to set custom headers in the proxy request.  2.X would work, it''s
just not an option in this case.  In any case it''s definitely not a
mongrel issue per say.

Using scgi does work, although I''ve ran into a different problem where
my app throws a Device Not Configured error when trying to make an
https connection after being idle for a few hours.  I have a feeling
something in the mix isn''t thread safe, but it''s a bit above
me to
track down.

The next thing I might try is to use pound.  It will pass the ssl
client certificate to mongrel/rails where I can just do the
certificate verification manually with openssl.