Apache-2.2
PHP $_SERVER′小號小號大號C我_和ñ噸C和R噸′′小號小號大號C大號一世和ñ噸C和R噸′‘SSL_CLIENT_CERT’是空的
我想要做的是將客戶端證書傳遞給我的 PHP 頁面。為了進行測試,我
curl
在 Linux 終端上使用:curl --cert cert.pem 'https://example.com/test.php'
在test.php上,我將其設置為列印
$_SERVER
超全域:<?php print_r($_SERVER); ?>
在 Apache 中,我有以下選項:
<IfModule mod_ssl.c> <VirtualHost _default_:443> ... SSLVerifyClient optional_no_ca SSLVerifyDepth 1 SSLOptions +StdEnvVars +ExportCertData ... </VirtualHost> </IfModule>
執行我的
curl
命令後,我看到$_SERVER['SSL_CLIENT_CERT']
變數為空:Array ( [HTTPS] => on [SSL_TLS_SNI] => example.com [SSL_SERVER_CERT] => -- REDACTED -- [SSL_CLIENT_CERT] => [HTTP_USER_AGENT] => curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3 [HTTP_HOST] => example.com [HTTP_ACCEPT] => */* [PATH] => /usr/local/bin:/usr/bin:/bin [SERVER_SIGNATURE] => <address>Apache/2.2.22 (Ubuntu) Server at example.com Port 443</address> [SERVER_SOFTWARE] => Apache/2.2.22 (Ubuntu) [SERVER_NAME] => example.com [SERVER_ADDR] => 10.1.26.199 [SERVER_PORT] => 443 [REMOTE_ADDR] => 10.1.26.241 [DOCUMENT_ROOT] => /vol1/sites [SERVER_ADMIN] => [no address given] [SCRIPT_FILENAME] => /vol1/sites/test.php [REMOTE_PORT] => 33400 [GATEWAY_INTERFACE] => CGI/1.1 [SERVER_PROTOCOL] => HTTP/1.1 [REQUEST_METHOD] => GET [QUERY_STRING] => [REQUEST_URI] => /test.php [SCRIPT_NAME] => /test.php [PHP_SELF] => /test.php [REQUEST_TIME] => 1487370411 )
我錯過了什麼?
我覺得很傻!但這是為我解決的問題:
與其將虛擬主機定義為
<VirtualHost _default_:443>
,不如將其定義為星號:<VirtualHost *:443>
。預設的 Apache 安裝有這一
_default_
行,在您需要更改之前很容易忽略它!