svn commit: r1127315 - /tomcat/jk/trunk/xdocs/reference/apache.xml

Tue, 24 May 2011 15:02:50 -0700 

Author: schultz
Date: Tue May 24 22:02:27 2011
New Revision: 1127315

URL: http://svn.apache.org/viewvc?rev=1127315&view=rev
Log:
Added detailed information about what SSL variables will be sent to Tomcat when 
JkExtractSSL is enabled.

Modified:
    tomcat/jk/trunk/xdocs/reference/apache.xml

Modified: tomcat/jk/trunk/xdocs/reference/apache.xml
URL: 
http://svn.apache.org/viewvc/tomcat/jk/trunk/xdocs/reference/apache.xml?rev=1127315&r1=1127314&r2=1127315&view=diff
==============================================================================
--- tomcat/jk/trunk/xdocs/reference/apache.xml (original)
+++ tomcat/jk/trunk/xdocs/reference/apache.xml Tue May 24 22:02:27 2011
@@ -271,7 +271,48 @@ The default value is On.
 In order to make SSL data available for mod_jk in Apache, you need to
 set <code>SSLOptions +StdEnvVars</code>. For the certificate information you 
also need
 to add <code>SSLOptions +ExportCertData</code>.
-</p></attribute>
+</p>
+<p>
+  Specifically, mod_jk will export the following environment variables from
+  Apache httpd to Tomcat under these request attributes as per the
+  Servlet Specification 3.0, section 3.8:
+</p>
+<table>
+  <tr><th>Env Var</th><th>Request Attribute 
Name</th><th>Type</th><th>Example</th></tr>
+  <tr>
+    <td>SSL_CIPHER<br/>(or <code>JkKEYSIZEIndicator</code>)</td>
+    <td>javax.servlet.request.cipher_suite</td>
+    <td>java.lang.String</td>
+    <td>DHE-RSA-AES256-SHA</td>
+  </tr>
+  <tr>
+    <td>SSL_CIPHER_USEKEYSIZE<br/>(or <code>JkKEYSIZEIndicator</code>)</td>
+    <td>javax.servlet.request.key_size</td>
+    <td>java.lang.Integer</td>
+    <td>256</td>
+  </tr>
+  <tr>
+    <td>SSL_SESSION_ID<br/>(or <code>JkSESSIONIndicator</code>)</td>
+    <td>javax.servlet.request.ssl_session</td>
+    <td>java.lang.String</td>
+    <td>905...32E (a hex string)</td>
+  </tr>
+  <tr>
+    <td>SSL_CLIENT_CERT_CHAIN_<i>n</i><br/>(or 
<code>JkCERTCHAINPrefix</code><i>n</i>)</td>
+    <td>javax.servlet.request.X509Certificate</td>
+    <td>java.security.X509Certificate[]</td>
+    <td>(A chain of certs in ascending order of trust, the first one being
+        ths client's certificate, the second being the signer of that
+        certificate, and so on)</td>
+  </tr>
+</table>
+<p>
+  For all other SSL-related variables, use <code>JkEnvVar</code> for each
+  variable you want. Please note that, like <code>JkEnvVar</code>, these
+  variables are available from the request <i><b>attributes</b></i>, not as
+  environment variables or as request headers.
+</p>
+</attribute>
 <attribute name="JkHTTPSIndicator" required="false"><p>
 Name of the Apache environment variable that contains SSL indication.
 <br/>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to