Question
My users are connecting to my app thanks to a smartcard containing a certificate. I am using httpd to make sure the certificate is valid:
SSLCACertificateFile "${SRVROOT}/conf/ssl/certs/usersCA.crt"
It works fine but I'd like to know who my user is on the server side (a spring app running on tomcat).
The certificate contains a unique ID which I can use to know who the user is. Unfortunately it's stored in the subjectAltName (http://wiki.cacert.org/FAQ/subjectAltName).
For reference the "openssl.cnf" used during the certificate generation contains:
subjectAltName = dirName:alt_names
[alt_names]
description="Id=123456789"
I know that with httpd I can transfer the certificate data to HTTP headers that my server will be able to handle. For example with:
RequestHeader set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s"
I get the DN subject.
But I can't find a way to get my Id stored in the subject alternative name. With SSL_CLIENT_SAN_Email_n or SSL_CLIENT_SAN_DNS_n I can get DNS or email data but I can't find a way to get my data stored here:
Requested Extensions:
    X509v3 Basic Constraints:
        CA:FALSE
    X509v3 Key Usage:
        Digital Signature, Non Repudiation, Key Encipherment
    X509v3 Subject Alternative Name:
        DirName:/description=Id=123456789
Do you know which httpd directive I can use to send my data through an HTTP header?
Thanks.
Source: https://stackoverflow.com/questions/43942856/how-to-send-subject-alternative-name-data-from-ssl-certificate-with-apache-htt