Apache-2.2

PHP $_SERVER′小號小號大號C我_和ñ噸C和R噸′′小號小號大號C大號一世和ñ噸C和R噸′‘SSL_CLIENT_CERT’是空的

  • July 22, 2019

我想要做的是將客戶端證書傳遞給我的 PHP 頁面。為了進行測試,我curl在 Linux 終端上使用:

curl --cert cert.pem 'https://example.com/test.php'

test.php上,我將其設置為列印$_SERVER超全域:

<?php
   print_r($_SERVER);
?>

在 Apache 中,我有以下選項:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
   ...
   SSLVerifyClient optional_no_ca
   SSLVerifyDepth  1
   SSLOptions +StdEnvVars +ExportCertData
   ...
</VirtualHost>
</IfModule>

執行我的curl命令後,我看到$_SERVER['SSL_CLIENT_CERT']變數為空:

Array
(
   [HTTPS] => on
   [SSL_TLS_SNI] => example.com
   [SSL_SERVER_CERT] => -- REDACTED --

   [SSL_CLIENT_CERT] =>
   [HTTP_USER_AGENT] => curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
   [HTTP_HOST] => example.com
   [HTTP_ACCEPT] => */*
   [PATH] => /usr/local/bin:/usr/bin:/bin
   [SERVER_SIGNATURE] => <address>Apache/2.2.22 (Ubuntu) Server at example.com Port 443</address>

   [SERVER_SOFTWARE] => Apache/2.2.22 (Ubuntu)
   [SERVER_NAME] => example.com
   [SERVER_ADDR] => 10.1.26.199
   [SERVER_PORT] => 443
   [REMOTE_ADDR] => 10.1.26.241
   [DOCUMENT_ROOT] => /vol1/sites
   [SERVER_ADMIN] => [no address given]
   [SCRIPT_FILENAME] => /vol1/sites/test.php
   [REMOTE_PORT] => 33400
   [GATEWAY_INTERFACE] => CGI/1.1
   [SERVER_PROTOCOL] => HTTP/1.1
   [REQUEST_METHOD] => GET
   [QUERY_STRING] =>
   [REQUEST_URI] => /test.php
   [SCRIPT_NAME] => /test.php
   [PHP_SELF] => /test.php
   [REQUEST_TIME] => 1487370411
)

我錯過了什麼?

我覺得很傻!但這是為我解決的問題:

與其將虛擬主機定義為<VirtualHost _default_:443>,不如將其定義為星號:<VirtualHost *:443>

預設的 Apache 安裝有這一_default_行,在您需要更改之前很容易忽略它!

引用自:https://serverfault.com/questions/833311