On Fri, 15 Oct 2004 21:14:16 +0100, Joe Orton <[EMAIL PROTECTED]> wrote:
[SNIP]
> > Moreover, the man page for X509_NAME_oneline (with OpenSSL 0.9.7x)
> > says that the function is obsolete, and that we ought to use
> > X509_NAME_print_ex.
>
> The RFC mentioned, RFC2253 is a mapping for DNs into a standard form for
> use with LDAP databases. mod_ssl exports DNs for use in FakeBasicAuth,
> and in the SSL_*_DN variables (anywhere else too?); I don't see how
> these relate to LDAP?

Well.. for one use I have at least 2 different customers who map the information retrieved from a client certificate to the LDAP database. Both of them came back with the same question: Does SSL_CLIENT_S_DN conform to any known standard? The only standards I know for representing DNs are 1779 and 2253. Are there any other standards - if so, please let me know for I'm unaware.

> > The patch is pretty simple if we want to change mod_ssl to use the RFC
> > supported style. However, there are probably a lot of users who will
> > not be happy if we change it abruptly. Hence I propose that we add a
> > new SSL directive (SSLDNFormat or something like that) which allows
> > the user to configure the format he likes (default will be the non-RFC
> > compliant).
>
> Which use of DNs do you want to change? Controlling these disparate uses
> of DNs from one config directive sounds confusing.

Okay - what do you suggest?

Thanks
-Madhu
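
For the LDAP-mapping use case raised in this message, the following added example (not code from this thread or from mod_ssl) converts a slash-separated DN of the kind X509_NAME_oneline produces into RFC 2253 string form. The function names and sample DNs are constructed for illustration, and values are assumed to be printable ASCII with no `\xXX` escapes.

```python
import re

# Characters RFC 2253 section 2.4 requires to be backslash-escaped in a value.
_SPECIAL = set(',+"\\<>;')

# Assumption: a new RDN starts at "/" followed by an attribute type and "=".
# A "/" inside a value that is itself followed by "type=" cannot be told
# apart from a separator; the oneline form is lossy in that case.
_RDN_START = re.compile(r"/(?=[A-Za-z][A-Za-z0-9.-]*=)")


def escape_rfc2253_value(value):
    """Escape one attribute value according to RFC 2253 section 2.4."""
    out = []
    for i, ch in enumerate(value):
        first, last = i == 0, i == len(value) - 1
        if ch in _SPECIAL or (first and ch in "# ") or (last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def oneline_to_rfc2253(dn):
    """Convert '/C=US/O=Org/CN=Name' into 'CN=Name,O=Org,C=US'."""
    parts = _RDN_START.split(dn)
    if parts[0] != "":
        raise ValueError("not a slash-separated DN: %r" % dn)
    rdns = []
    for part in parts[1:]:
        attr, _, value = part.partition("=")
        rdns.append(attr + "=" + escape_rfc2253_value(value))
    # RFC 2253 starts with the last RDN of the certificate's sequence;
    # the oneline form prints the RDNs in sequence order.
    return ",".join(reversed(rdns))


if __name__ == "__main__":
    # Constructed sample DNs, not taken from a real certificate.
    for sample in ("/C=US/O=Example, Inc./CN=Jane Doe",
                   "/O=A/B Corp/CN=client01"):
        print(sample, "->", oneline_to_rfc2253(sample))
```

The unescaped comma in the first sample is the case that breaks naive LDAP lookups built from the slash-separated string.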
