如何使用mod_wsgi从django访问mod_ssl环境变量?

时间:2022-06-18 11:34:25

I'm trying to get the client's certificate and sign an xml file using it. I have added the following to my virtual hosts:

我正在尝试获取客户端证书并使用它签署一个xml文件。我在我的虚拟主机中添加了以下内容:

SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +stdEnvVars

This should allow mod_ssl to get the user's certificate. But I don't know how to pass it along to my django app. Any help is appreciated. Thanks.

这应该允许mod_ssl获得用户的证书。但我不知道如何将它传递给我的django应用程序。谢谢。

3 个解决方案

#1


0  

Those Apache configuration directives mean that mod_ssl environment variables should now be available in the environment inherited by Django. You can therefore access them using the os.environ object in your Django view:

那些Apache配置指令意味着mod_ssl环境变量现在应该可以在Django继承的环境中使用。因此,您可以使用os访问它们。Django视图环境对象:

import os
client_cert = os.environ['SSL_CLIENT_CERT']

The SSL_CLIENT_CERT variable contains the PEM-encoded client certificate.

SSL_CLIENT_CERT变量包含客户机编码的证书。

#2


1  

You should use

你应该使用

SSLOptions +StdEnvVars
SSLOptions +ExportCertData

in apache config to have SSL_CLIENT_CERT in the environment.

在apache config中,在环境中有SSL_CLIENT_CERT。

With flask, it will be in request.environ['SSL_CLIENT_CERT']

对于flask,它将位于request. environment ['SSL_CLIENT_CERT']中

Based on the discusson of the other answer, it might be request.META['SSL_CLIENT_CERT'] for django.

根据对另一个答案的讨论,它可能是请求。django元(“SSL_CLIENT_CERT”)。

#3


0  

SSLOptions +StdEnvVars +ExportCertData

SSLOptions + StdEnvVars + ExportCertData

SSL_CLIENT_CERT will contain the PEM encoded certificate.

SSL_CLIENT_CERT将包含PEM编码的证书。

SSL_CLIENT_CERT_CHAIN_n (where n is a number) and SSL_SERVER_CERT are also included, but probably uninteresting.

还包括SSL_CLIENT_CERT_CHAIN_n(其中n是一个数字)和SSL_SERVER_CERT,但可能并不有趣。

It's a pity that one can't configure exactly which items you want added to the environment. It would be much more svelte having only what's needed (for me common name and that the verify succeeded - though that may be implied with verify required, and for you the client cert PEM).

遗憾的是,我们不能准确地配置要添加到环境中的项目。如果只有需要的东西(对我来说是通用的名字,验证成功了——尽管这可能意味着需要验证,而对您来说是客户cert PEM),那就更简单了。

#1


0  

Those Apache configuration directives mean that mod_ssl environment variables should now be available in the environment inherited by Django. You can therefore access them using the os.environ object in your Django view:

那些Apache配置指令意味着mod_ssl环境变量现在应该可以在Django继承的环境中使用。因此,您可以使用os访问它们。Django视图环境对象:

import os
client_cert = os.environ['SSL_CLIENT_CERT']

The SSL_CLIENT_CERT variable contains the PEM-encoded client certificate.

SSL_CLIENT_CERT变量包含客户机编码的证书。

#2


1  

You should use

你应该使用

SSLOptions +StdEnvVars
SSLOptions +ExportCertData

in apache config to have SSL_CLIENT_CERT in the environment.

在apache config中,在环境中有SSL_CLIENT_CERT。

With flask, it will be in request.environ['SSL_CLIENT_CERT']

对于flask,它将位于request. environment ['SSL_CLIENT_CERT']中

Based on the discusson of the other answer, it might be request.META['SSL_CLIENT_CERT'] for django.

根据对另一个答案的讨论,它可能是请求。django元(“SSL_CLIENT_CERT”)。

#3


0  

SSLOptions +StdEnvVars +ExportCertData

SSLOptions + StdEnvVars + ExportCertData

SSL_CLIENT_CERT will contain the PEM encoded certificate.

SSL_CLIENT_CERT将包含PEM编码的证书。

SSL_CLIENT_CERT_CHAIN_n (where n is a number) and SSL_SERVER_CERT are also included, but probably uninteresting.

还包括SSL_CLIENT_CERT_CHAIN_n(其中n是一个数字)和SSL_SERVER_CERT,但可能并不有趣。

It's a pity that one can't configure exactly which items you want added to the environment. It would be much more svelte having only what's needed (for me common name and that the verify succeeded - though that may be implied with verify required, and for you the client cert PEM).

遗憾的是,我们不能准确地配置要添加到环境中的项目。如果只有需要的东西(对我来说是通用的名字,验证成功了——尽管这可能意味着需要验证,而对您来说是客户cert PEM),那就更简单了。