lib/Plack/Middleware/Apache2/ModSSL.pm

package Plack::Middleware::Apache2::ModSSL;

use 5.010;
use strict;

use base qw(Plack::Middleware);
use Apache2::ModSSL;
use Plack::Util::Accessor qw(vars client_exts server_exts);

BEGIN {
	$Plack::Middleware::Apache2::ModSSL::AUTHORITY = 'cpan:TOBYINK';
	$Plack::Middleware::Apache2::ModSSL::VERSION   = '0.001';
}

sub call
{
	my ($self, $env) = @_;
	my $c = $env->{'psgi.input'}->connection;
	
	$env->{$_} //= $c->ssl_var_lookup($_)
		for @{ $self->vars // [] };
	
	$env->{"SERVER:$_"} //= $c->ssl_ext_lookup(0, $_)
		for @{ $self->server_exts // [] };
	
	$env->{"CLIENT:$_"} //= $c->ssl_ext_lookup(1, $_)
		for @{ $self->client_exts // [] };
	
	$self->app->($env);
}

__PACKAGE__
__END__

=head1 NAME

Plack::Middleware::Apache2::ModSSL - pull in $env data from mod_ssl API

=head1 SYNOPSIS

 builder
 {
   enable "Apache2::ModSSL",
          vars => [qw(SSL_CLIENT_CERT)];
   $app;
 };

=head1 DESCRIPTION

Apache mod_ssl provides a bunch of data about the SSL connection. While
much of this is often exposed in environment variables, sometimes server
configuration (especially the I<SSLOptions> configuration directive)
will result in some of the data not being available to your application.
This module pokes into the mod_ssl API to retrieve the data you need and
stash it away in Plack's C<< $env >>.

You may be able to tweak your Apache configuration and persuade it to
give you the data you want via environment variables, in which case
Plack's Apache2 handler will automatically copy them into C<< $env >>
and you don't need this module.

=head2 C<vars>

Specifies an arrayref listing SSL-related variables to add to C<< $env >>.

=head2 C<server_exts>

An arrayref of OIDs which will be exported from the server's certificate.
It's incredibly unlikely you need this.

=head2 C<client_exts>

An arrayref of OIDs which will be exported from the client's certificate.
It's pretty unlikely you need this.

=begin private

=item call

=end private

=head1 BUGS

Plack::Middleware::Apache2::ModSSL uses L<Apache2::ModSSL> which is an
XS module (and a bit of a pain to build at that). The latter has an
oddity in how it loads up the XS part of the module. To counteract the
oddity, I've found it necessary to add this to my PSGI, near the top:

 BEGIN { $ENV{MOD_PERL} ||= 'mod_perl' };

If you get error messages about the C<ssl_var_lookup> method not being
defined in package Apache2::Connection, then try the above.

Please report any other bugs to
L<http://rt.cpan.org/Dist/Display.html?Queue=Plack-Middleware-Apache2-ModSSL>.

=head1 SEE ALSO

L<Plack>,
L<Apache2::ModSSL>.

L<http://httpd.apache.org/docs/2.0/mod/mod_ssl.html>.

=head1 AUTHOR

Toby Inkster E<lt>tobyink@cpan.orgE<gt>.

=head1 COPYRIGHT AND LICENCE

This software is copyright (c) 2012 by Toby Inkster.

This is free software; you can redistribute it and/or modify it under
the same terms as the Perl 5 programming language system itself.

=head1 DISCLAIMER OF WARRANTIES

THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)