diff -urb httpd-2.0.54/modules/ssl/mod_ssl.c httpd-2.0.54.p/modules/ssl/mod_ssl.c
--- httpd-2.0.54/modules/ssl/mod_ssl.c	2005-02-04 21:21:18.000000000 +0100
+++ httpd-2.0.54.p/modules/ssl/mod_ssl.c	2005-04-26 01:14:14.000000000 +0200
@@ -402,6 +402,7 @@
     ap_hook_translate_name(ssl_hook_Translate,     NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_check_user_id (ssl_hook_UserCheck,     NULL,NULL, APR_HOOK_FIRST);
     ap_hook_fixups        (ssl_hook_Fixup,         NULL,NULL, APR_HOOK_MIDDLE);
+    ap_hook_access_checker(ssl_hook_Username,      NULL,NULL, APR_HOOK_FIRST);
     ap_hook_access_checker(ssl_hook_Access,        NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_auth_checker  (ssl_hook_Auth,          NULL,NULL, APR_HOOK_MIDDLE);
     ap_hook_post_read_request(ssl_hook_ReadReq,    NULL,NULL, APR_HOOK_MIDDLE);
diff -urb httpd-2.0.54/modules/ssl/mod_ssl.h httpd-2.0.54.p/modules/ssl/mod_ssl.h
--- httpd-2.0.54/modules/ssl/mod_ssl.h	2005-02-04 21:21:18.000000000 +0100
+++ httpd-2.0.54.p/modules/ssl/mod_ssl.h	2005-04-26 01:14:14.000000000 +0200
@@ -573,6 +573,7 @@
 int          ssl_hook_Translate(request_rec *);
 int          ssl_hook_Auth(request_rec *);
 int          ssl_hook_UserCheck(request_rec *);
+int          ssl_hook_Username(request_rec *);
 int          ssl_hook_Access(request_rec *);
 int          ssl_hook_Fixup(request_rec *);
 int          ssl_hook_ReadReq(request_rec *);
diff -urb httpd-2.0.54/modules/ssl/ssl_engine_kernel.c httpd-2.0.54.p/modules/ssl/ssl_engine_kernel.c
--- httpd-2.0.54/modules/ssl/ssl_engine_kernel.c	2005-03-29 10:44:31.000000000 +0200
+++ httpd-2.0.54.p/modules/ssl/ssl_engine_kernel.c	2005-04-26 01:14:14.000000000 +0200
@@ -160,6 +160,32 @@
     return DECLINED;
 }
 
+int ssl_hook_Username(request_rec *r)
+{
+    SSLDirConfigRec *dc = myDirConfig(r);
+
+    /* If we're trying to have the user name set from a client
+     * certificate then we need to set it here. This should be safe as
+     * the user name probably isn't important from an auth checking point
+     * of view as the certificate supplied acts in that capacity.
+     * However, if FakeAuth is being used then this isn't the case so
+     * we need to postpone setting the username until later.
+     */
+    if ((dc->nOptions & SSL_OPT_FAKEBASICAUTH) == 0 && dc->szUserName) {
+        char *val = ssl_var_lookup(r->pool, r->server, r->connection,
+                                   r, (char *)dc->szUserName);
+        if (val && val[0]) {
+            r->user = val;
+
+            ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
+                         "Setting Username to -%s- from SSLUserName directive using %s", r->user, dc->szUserName);
+        }
+    } 
+
+    // We never actually do anything, we just set the username field.
+    return DECLINED;
+}
+
 /*
  *  Access Handler
  */
@@ -737,20 +763,6 @@
         }
     }
 
-    /* If we're trying to have the user name set from a client
-     * certificate then we need to set it here. This should be safe as
-     * the user name probably isn't important from an auth checking point
-     * of view as the certificate supplied acts in that capacity.
-     * However, if FakeAuth is being used then this isn't the case so
-     * we need to postpone setting the username until later.
-     */
-    if ((dc->nOptions & SSL_OPT_FAKEBASICAUTH) == 0 && dc->szUserName) {
-        char *val = ssl_var_lookup(r->pool, r->server, r->connection,
-                                   r, (char *)dc->szUserName);
-        if (val && val[0])
-            r->user = val;
-    } 
-
     /*
      * Check SSLRequire boolean expressions
      */