commit f740b61b03c9e31f4915ee7d7444d64fc320b41c from: Omar Polo date: Fri Jun 11 15:48:56 2021 UTC more params from and send a custom list commit - 6957a8c27fa6df0590c6dce9f386dd669bd0b6b3 commit + f740b61b03c9e31f4915ee7d7444d64fc320b41c blob - 27854a52e2f9f31d6a27fb10bfa32cda4352fee9 blob + 075bad82960d843caa4917a2cd470ad4f9569a4e --- ChangeLog +++ ChangeLog @@ -1,3 +1,10 @@ +2021-06-11 Omar Polo + + * fcgi.c (send_fcgi_req): send GATEWAY_INTERFACE, AUTH_TYPE, + REMOTE_USER, TLS_CLIENT_ISSUER, TLS_CLIENT_HASH, TLS_VERSION, + TLS_CIPHER, TLS_CIPHER_STRENGTH and TLS_CLIENT_NOT_BEFORE/AFTER. + (send_fcgi_req): support a custom list of params + 2021-05-24 Omar Polo * gg.c: move `gg' to regress, as it's only used for the tests blob - 8a566b3abf92d1cbcd76afdf62b6c56ce84741f0 blob + 1413d75635a04ebeca4b575838384be5f30e499b --- fcgi.c +++ fcgi.c @@ -34,7 +34,7 @@ */ #define DEBUG_FCGI 0 -#ifdef DEBUG_FCGI +#if DEBUG_FCGI # include static int debug_socket = -1; #endif @@ -456,9 +456,11 @@ err: void send_fcgi_req(struct fcgi *f, struct client *c) { - char addr[NI_MAXHOST]; - const char *t; + char addr[NI_MAXHOST], buf[22]; int e; + time_t tim; + struct tm tminfo; + struct envlist *p; e = getnameinfo((struct sockaddr*)&c->addr, sizeof(c->addr), addr, sizeof(addr), @@ -470,6 +472,7 @@ send_fcgi_req(struct fcgi *f, struct client *c) c->next = NULL; fcgi_begin_request(f->fd, c->id); + fcgi_send_param(f->fd, c->id, "GATEWAY_INTERFACE", "CGI/1.1"); fcgi_send_param(f->fd, c->id, "GEMINI_URL_PATH", c->iri.path); fcgi_send_param(f->fd, c->id, "QUERY_STRING", c->iri.query); fcgi_send_param(f->fd, c->id, "REMOTE_ADDR", addr); 
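Review bot: `buf[22]` in the new declarations of send_fcgi_req is an unexplained size that serves two uses in the later hunk at -478: the `%d` cipher strength and the `%FT%TZ` timestamps (20 characters plus the terminator for a four-digit year). It deserves a comment such as `/* fits "YYYY-MM-DDThh:mm:ssZ" and a decimal int */`. In that later hunk the results of `gmtime_r()` and `strftime()` are not checked: `gmtime_r()` can return NULL, which is passed straight to `strftime()`, and when `strftime()` returns 0 the contents of `buf` are unspecified yet still sent. A guard like `if (gmtime_r(&tim, &tminfo) == NULL || strftime(buf, sizeof(buf), "%FT%TZ", &tminfo) == 0) buf[0] = '\0';` would keep a failed conversion from reaching the backend as garbage. The function body continues outside this hunk.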
@@ -478,7 +481,40 @@ send_fcgi_req(struct fcgi *f, struct client *c) fcgi_send_param(f->fd, c->id, "SERVER_NAME", c->iri.host); fcgi_send_param(f->fd, c->id, "SERVER_PROTOCOL", "GEMINI"); fcgi_send_param(f->fd, c->id, "SERVER_SOFTWARE", GMID_VERSION); + + if (tls_peer_cert_provided(c->ctx)) { + fcgi_send_param(f->fd, c->id, "AUTH_TYPE", "CERTIFICATE"); + fcgi_send_param(f->fd, c->id, "REMOTE_USER", + tls_peer_cert_subject(c->ctx)); + fcgi_send_param(f->fd, c->id, "TLS_CLIENT_ISSUER", + tls_peer_cert_issuer(c->ctx)); + fcgi_send_param(f->fd, c->id, "TLS_CLIENT_HASH", + tls_peer_cert_hash(c->ctx)); + fcgi_send_param(f->fd, c->id, "TLS_VERSION", + tls_conn_version(c->ctx)); + fcgi_send_param(f->fd, c->id, "TLS_CIPHER", + tls_conn_cipher(c->ctx)); + snprintf(buf, sizeof(buf), "%d", + tls_conn_cipher_strength(c->ctx)); + fcgi_send_param(f->fd, c->id, "TLS_CIPHER_STRENGTH", buf); + + tim = tls_peer_cert_notbefore(c->ctx); + strftime(buf, sizeof(buf), "%FT%TZ", + gmtime_r(&tim, &tminfo)); + fcgi_send_param(f->fd, c->id, "TLS_CLIENT_NOT_BEFORE", buf); + + tim = tls_peer_cert_notafter(c->ctx); + strftime(buf, sizeof(buf), "%FT%TZ", + gmtime_r(&tim, &tminfo)); + fcgi_send_param(f->fd, c->id, "TLS_CLIENT_NOT_AFTER", buf); + + TAILQ_FOREACH(p, &c->host->params, envs) { + fcgi_send_param(f->fd, c->id, p->name, p->value); + } + } else + fcgi_send_param(f->fd, c->id, "AUTH_TYPE", ""); + if (fcgi_end_param(f->fd, c->id) == -1) close_all(f); } blob - 2443797b59939bb5de10d1f262abb23e6ee762ce blob + ee4152f49c22ead2eb68e376f4fdabf97cfd554e --- gmid.h +++ gmid.h @@ -125,6 +125,7 @@ struct vhost { struct lochead locations; struct envhead env; + struct envhead params; struct aliashead aliases; };
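Review bot: The `TAILQ_FOREACH(p, &c->host->params, envs)` loop sits inside the `if (tls_peer_cert_provided(c->ctx))` branch, so the custom params are sent only for requests that present a client certificate; the ChangeLog entry describes a general custom list, which suggests the loop belongs after the `else`, just before `fcgi_end_param()`. The same applies to `TLS_VERSION`, `TLS_CIPHER` and `TLS_CIPHER_STRENGTH`, which describe the connection rather than the certificate. `REMOTE_USER` is filled from `tls_peer_cert_subject()`, and if client certificates are accepted without chain verification (not visible here) that string is chosen by the client, so a comment should steer backend authors to the fingerprint: `/* subject is client-supplied; authorize on TLS_CLIENT_HASH */`. The libtls accessors can return NULL on failure, and whether `fcgi_send_param()` tolerates a NULL value is not shown in this hunk.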
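Review bot: The new `params` member of `struct vhost` carries no comment distinguishing it from the neighbouring `env` list, and nothing in this commit initializes or fills it; a line such as `struct envhead params; /* extra FastCGI params, sent by send_fcgi_req() */` would make the split clear. The vhost setup code is outside this diff, so it is worth confirming that the new head gets a `TAILQ_INIT()` wherever `env` gets one, since inserting into a zeroed but uninitialized tail-queue head dereferences a null `tqh_last`. The struct definition starts above this hunk.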