Hi,

The current mod_ssl uses X509_NAME_oneline to get a one-line ASCII format of the DN. This, however, is not compliant with the RFC - check out http://www.openssl.org/support/faq.html#USER13.

Moreover, the man page for X509_NAME_oneline (with OpenSSL 0.9.7x) says that the function is obsolete, and that we ought to use X509_NAME_print_ex. The patch is pretty simple if we want to change mod_ssl to use the RFC supported style. However, there are probably a lot of users who will not be happy if we change it abruptly.

Hence I propose that we add a new SSL directive (SSLDNFormat or something like that) which allows the user to configure the format he likes (default will be the non-RFC compliant). The one catch with such a directive is if the customer is using OpenSSL 0.9.6x - where X509_NAME_print_ex is not available - in which case, the directive will be a dummy.

Any comments?

Thanks
-Madhu
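
Why the DN string format matters to anything that compares DN strings, as an added example that is not part of the original message and is not mod_ssl or OpenSSL code. fmt_slash is a simplified model of a slash-separated one-line style with no escaping (an assumption of this sketch), fmt_rfc2253 follows the escaping rules of RFC 2253 section 2.4, and all names and the two sample DNs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

struct rdn { const char *type, *value; };  /* one DN attribute, in certificate order */
typedef void (*fmt_fn)(const struct rdn *, size_t, char *, size_t);

/* Bounded append; silently truncates when the buffer is full. */
static void put(char *out, size_t cap, const char *s) { strncat(out, s, cap - strlen(out) - 1); }

/* Simplified model of the slash-separated style: "/type=value", nothing escaped. */
static void fmt_slash(const struct rdn *dn, size_t n, char *out, size_t cap)
{
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        put(out, cap, "/"); put(out, cap, dn[i].type);
        put(out, cap, "="); put(out, cap, dn[i].value);
    }
}

/* RFC 2253 style: last RDN first, comma-separated, special characters escaped. */
static void fmt_rfc2253(const struct rdn *dn, size_t n, char *out, size_t cap)
{
    out[0] = '\0';
    for (size_t i = n; i-- > 0; ) {
        const char *v = dn[i].value;
        size_t len = strlen(v);
        if (i != n - 1) put(out, cap, ",");
        put(out, cap, dn[i].type); put(out, cap, "=");
        for (size_t j = 0; j < len; j++) {
            char c[2] = { v[j], '\0' };
            if (strchr(",+\"\\<>;", v[j]) || (j == 0 && (v[j] == ' ' || v[j] == '#'))
                || (j == len - 1 && v[j] == ' '))
                put(out, cap, "\\");   /* escape per RFC 2253 section 2.4 */
            put(out, cap, c);
        }
    }
}

/* Returns 1 when two DNs render to the same string under the given formatter. */
static int collide(fmt_fn fmt, const struct rdn *a, size_t na, const struct rdn *b, size_t nb)
{
    char sa[256], sb[256];
    fmt(a, na, sa, sizeof sa); fmt(b, nb, sb, sizeof sb);
    return strcmp(sa, sb) == 0;
}
/* Constructed sample DNs: dn_a has a single O value that contains "/CN=admin". */
static const struct rdn dn_a[] = { {"C", "US"}, {"O", "Example/CN=admin"} };
static const struct rdn dn_b[] = { {"C", "US"}, {"O", "Example"}, {"CN", "admin"} };
int main(void)
{
    printf("slash-style collision: %d, RFC 2253 collision: %d\n",
           collide(fmt_slash, dn_a, 2, dn_b, 3), collide(fmt_rfc2253, dn_a, 2, dn_b, 3));
    return 0;
}
```

Two structurally different DNs render identically in the unescaped slash style and stay distinct in the RFC 2253 style, which is the property to check before a DN string is used in an access rule.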
