(Apache) Access Control, Authentication, and Authorization Questions?

[garlar27]

Hi,
    I made some Apache modules and now I need to use SSL on them. I've been reading some books and searching the forum and wiki and somethings are not very clear for me:
   
    o- How can I access the Certificate Fields (like Common Name, Organization, Expiration Date, etc.)? Can I access them by "TRequest.GetFieldByName('SomeName')" ?
    o- The Access Control, Authentication, and Authorization have place before the module is called or the module it self has to take responsibility with this task ?
    o- Are any examples in Lazarus ?
   
    I have red this article and parts of the book "Writing Apache Modules with Perl and C" and other books about Apache. Can anybody point me to another wiki article, forum post, or any thing you consider I should read?
   
    Thanks in advance.

[vincococka]

Hi,

1, maybe something for you:
http://lists.lazarus.freepascal.org/pipermail/lazarus/2014-March/086479.html
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#envvars
http://wiki.cacert.org/ApacheServerClientCertificateAuthentication

2, it depends on what you want to achieve. You  can leave  authentication & authorization on apache only, or let your application handle it. Or you can mix it - e.g. client certificate will be verified by Apache (revoked/accepted), but username/password/permissions should handle your application and respond according your needs.

Regards

[garlar27]

Thanks, I will take a look at them.