I am writing a web service in Perl that will run under SSL (HTTPS) with client certificates. How can I determine which certificate is being used by the client in the current connection so I can filter out unwanted ones?
Note: the web service is being run as a mod_perl script.
Found the answer on PerlMonks:
Use the Apache::SSLLookup module
sub handler {
my $r = Apache::SSLLookup->new(shift);
my $request_is_over_ssl = $r->is_https;
my $certificate = $r->lookup_var('SSL_CLIENT_CERT');
...
}
mod_ssl environment reference here.