How to access mod_ssl environment variables from django using mod_wsgi?

Question

I'm trying to get the client's certificate and sign an xml file using it. I have added the following to my virtual hosts:

SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +stdEnvVars

This should allow mod_ssl to get the user's certificate. But I don't know how to pass it along to my django app. Any help is appreciated. Thanks.

Answer 1

Those Apache configuration directives mean that mod_ssl environment variables should now be available in the environment inherited by Django. You can therefore access them using the os.environ object in your Django view:

import os
client_cert = os.environ['SSL_CLIENT_CERT']

The SSL_CLIENT_CERT variable contains the PEM-encoded client certificate.

Answer 2

You should use

SSLOptions +StdEnvVars
SSLOptions +ExportCertData

in apache config to have SSL_CLIENT_CERT in the environment.

With flask, it will be in request.environ['SSL_CLIENT_CERT']

Based on the discusson of the other answer, it might be request.META['SSL_CLIENT_CERT'] for django.

Answer 3

SSLOptions +StdEnvVars +ExportCertData

SSL_CLIENT_CERT will contain the PEM encoded certificate.

SSL_CLIENT_CERT_CHAIN_n (where n is a number) and SSL_SERVER_CERT are also included, but probably uninteresting.

It's a pity that one can't configure exactly which items you want added to the environment. It would be much more svelte having only what's needed (for me common name and that the verify succeeded - though that may be implied with verify required, and for you the client cert PEM).