如何使用 mod_wsgi 从 django 访问 mod_ssl 环境变量?
我正在尝试获取客户端的证书并使用它签署 xml 文件。 我已将以下内容添加到我的虚拟主机中:
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +stdEnvVars
这应该允许 mod_ssl 获取用户的证书。但我不知道如何将它传递到我的 django 应用程序。任何帮助表示赞赏。谢谢。
I'm trying to get the client's certificate and sign an xml file using it.
I have added the following to my virtual hosts:
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +stdEnvVars
This should allow mod_ssl to get the user's certificate. But I don't know how to pass it along to my django app. Any help is appreciated. Thanks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您应该
在 apache 配置中使用 SSL_CLIENT_CERT 在环境中。
对于 Flask,它将位于
request.environ['SSL_CLIENT_CERT']根据其他答案的讨论,它可能是
request.META['SSL_CLIENT_CERT']姜戈。You should use
in apache config to have SSL_CLIENT_CERT in the environment.
With flask, it will be in
request.environ['SSL_CLIENT_CERT']Based on the discusson of the other answer, it might be
request.META['SSL_CLIENT_CERT']for django.这些 Apache 配置指令意味着 mod_ssl 环境变量 现在应该在继承的环境中可用由姜戈.因此,您可以使用 Django 视图中的 os.environ 对象来访问它们:
SSL_CLIENT_CERT 变量包含 PEM 编码的客户端证书。
Those Apache configuration directives mean that mod_ssl environment variables should now be available in the environment inherited by Django. You can therefore access them using the os.environ object in your Django view:
The SSL_CLIENT_CERT variable contains the PEM-encoded client certificate.
SSLOptions +StdEnvVars +ExportCertData
SSL_CLIENT_CERT 将包含 PEM 编码的证书。
SSL_CLIENT_CERT_CHAIN_n(其中 n 是数字)和 SSL_SERVER_CERT 也包括在内,但可能无趣。
遗憾的是,人们无法准确配置要添加到环境中的项目。仅拥有所需的内容会更加简洁(对于我来说通用名称并且验证成功 - 尽管这可能暗示需要验证,对于您来说则需要客户端证书 PEM)。
SSLOptions +StdEnvVars +ExportCertData
SSL_CLIENT_CERT will contain the PEM encoded certificate.
SSL_CLIENT_CERT_CHAIN_n (where n is a number) and SSL_SERVER_CERT are also included, but probably uninteresting.
It's a pity that one can't configure exactly which items you want added to the environment. It would be much more svelte having only what's needed (for me common name and that the verify succeeded - though that may be implied with verify required, and for you the client cert PEM).